From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461; .NET CLR 1.0.3705)

Description of problem:
When the function gzprintf is called with a string bigger than Z_PRINTF_BUFSIZE it overflows without giving a warning. It defaults to the unsafe functions unless instructed at compile time to use the secure ones that won't overflow; no warning is given of an error in those cases though.

Version-Release number of selected component (if applicable):
ALL

How reproducible:
Always

Steps to Reproduce:
1. compile code on URL
2. execute
3.

Actual Results:
execution error

Expected Results:
non-fatal errors returned from the gzprintf call

Additional info:
This error is also present in the current rawhide version of zlib and in the older releases.
Created attachment 90308: zlib 1.1.4 patch that tests for [v]snprintf support and fixes overflow
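The behaviour the report asks for (a non-fatal error instead of an overflow when the formatted output exceeds the buffer), as an added example that is not the attached patch and not zlib's code. `FMT_BUFSIZE`, `bounded_format` and `demo_oversized` are hypothetical names, and a `vsnprintf` that bounds its writes is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_BUFSIZE 4096 /* assumed size, stands in for Z_PRINTF_BUFSIZE */

/* Hypothetical helper: format into a fixed buffer without writing past it.
 * Returns the formatted length, or -1 if the output did not fit. */
int bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap); /* never writes more than size bytes */
    va_end(ap);
    /* C99 returns the length the full output needs; some older libcs
     * return -1 on truncation. Either way, report it to the caller. */
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

/* Constructed input: 5000 bytes aimed at the 4096-byte buffer.
 * Returns 1 if the call was rejected and the adjacent canary is intact. */
int demo_oversized(void)
{
    struct { char buf[FMT_BUFSIZE]; char canary[8]; } s;
    char big[5001];
    int rc;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(s.canary, "CANARY!", sizeof s.canary);
    rc = bounded_format(s.buf, sizeof s.buf, "%s", big);
    return rc == -1 && memcmp(s.canary, "CANARY!", sizeof s.canary) == 0;
}

int main(void)
{
    char buf[FMT_BUFSIZE];

    printf("short: %d\n", bounded_format(buf, sizeof buf, "%s-%d", "ok", 7));
    printf("oversized rejected: %d\n", demo_oversized());
    return 0;
}
```

With an unbounded `vsprintf` in place of `vsnprintf`, the same 5000-byte argument would be written past the end of the 4096-byte buffer.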
Announcement of this issue is here: http://online.securityfocus.com/archive/1/312869
Fixed in zlib-1.1.4-8.
The Rawhide package was also affected, but this bug was introduced on zlib on 1.0.6 (Jan 19, 1998), and therefore all of the currently supported releases are vulnerable. I would recommend an errata for zlib and the packages that use it statically linked. Even if the rawhide release (couldn't test it though as it is not yet available) is fixed, the zlib package I reported with the problem (the one on RH 7.3) still needs a fix that only an errata and not a rawhide package could provide IMHO.
A preliminary audit shows only rpm2html and gimp-print actually using gzprintf. That's hardly enough to justify an errata, but that's not my call. An errata will be issued if the risk is deemed sufficiently high. Meanwhile, the patch is applied in Raw Hide.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2003-079.html