Bug 61408 - This is a bug in the "info" component but bugzilla doesn't offer "info"
Summary: This is a bug in the "info" component but bugzilla doesn't offer "info"
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: texinfo   
(Show other bugs)
Version: 6.2
Hardware: All Linux
Target Milestone: ---
Assignee: Trond Eivind Glomsrxd
QA Contact: Aaron Brown
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2002-03-19 10:23 UTC by Henning Schmiedehausen
Modified: 2007-04-18 16:41 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-19 10:24:12 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Henning Schmiedehausen 2002-03-19 10:23:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
/sbin/install-info is linked statically against a vulnerable zlib

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. get the zlib-scanner from Florian Weimer
2. run it on /sbin/install-info
3. /tmp/scanner.pl /sbin/install-info 
/sbin/install-info: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
/sbin/install-info: zlib cplens table, little endian
/sbin/install-info: zlib cplext table (version 1.0.5 to 1.1.4)


Actual Results:  The linked zlib is vulnerable

Additional info:

Name        : info                         Relocations: /usr 
Version     : 4.0                               Vendor: Red Hat, Inc.
Release     : 5                             Build Date: Wed Feb  9 23:08:47 2000
Install date: Wed Nov  1 18:28:53 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Base       Source RPM: texinfo-4.0-5.src.rpm
Size        : 243608                           License: GPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A stand-alone TTY-based reader for GNU texinfo documentation.
Description :
The GNU project uses the texinfo file format for much of its
documentation. The info package provides a standalone TTY-based
browser program for viewing texinfo files.

Comment 1 Trond Eivind Glomsrxd 2002-03-19 21:44:28 UTC
Errors against info should be filed against "texinfo", which is the source rpm
for the info rpm (and others). You can get that information with "rpm -qi info".

Anyway, the install-info issue was investigated along with the others and found
not to be an issue. If you install trojan packages, there are many other things
to do than trip zlib :).

Note You need to log in before you can comment on or make changes to this bug.