---------------------------------------------------------------------Red Hat Inc. Red Hat Security Advisory

Synopsis:          Vulnerability in zlib library
Advisory ID:       RHSA-2002:026-35
Issue date:        2002-02-11
Updated on:        2002-03-11
Product:           Red Hat Linux
Keywords:          zlib double free
Cross references:  RHSA-2002:028 RHSA-2002:027
Obsoletes:         
---------------------------------------------------------------------

1. Topic: The zlib library provides in-memory compression/decompression functions. The library is widely used throughout Linux and other operating systems.

   While performing tests on the gdk-pixbuf library, Matthias Clasen created an invalid PNG image that caused libpng to crash. Upon further investigation, this turned out to be a bug in zlib 1.1.3 where certain types of input will cause zlib to free the same area of memory twice (called a "double free").

   EnGarde Secure Linux The Secure Internet Platform EnGarde has everything necessary to create thousands of virtual Web sites, manage e-mail, DNS, and firewalling for an entire organization, and supports high-speed broadband connections all using a Web-based front-end. [ View Screenshots ] [ Buy Online ] [ Feature List ]

   This bug can be used to crash any program that takes untrusted compressed input. Web browsers or email programs that display image attachments or other programs that uncompress data are particularly affected. This vulnerability makes it easy to perform various denial-of-service attacks against such programs.

   It is also possible that an attacker could manage a more significant exploit, since the result of a double free is the corruption of the malloc() implementation's data structures. This could include running arbitrary code on local or remote systems.

   Most packages in Red Hat Linux use the shared zlib library and can be protected against vulnerability by updating to the errata zlib package. However, we have identified a number of packages in Red Hat Linux that either statically link to zlib or contain an internal version of zlib code.

   Although no exploits for this issue or these packages are currently known to exist, this is a serious vulnerability which could be locally or remotely exploited. All users should upgrade affected packages immediately.

   Additionally, if you have any programs that you have compiled yourself, you should check to see if they use zlib. If they link to the shared zlib library then they will not be vulnerable once the shared zlib library is updated to the errata package. However, if any programs that decompress arbitrary data statically link to zlib or use their own version of the zlib code internally, then they need to be patched or recompiled.

2. Relevant releases/architectures:

   Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc
   
   Red Hat Linux 7.0 - alpha, i386, i586, i686
   
   Red Hat Linux 7.1 - alpha, i386, i586, i686, ia64
   
   Red Hat Linux 7.2 - i386, i586, i686, ia64
   

3. Problem description: The following details apply to the main Red Hat Linux distribution only. Please see advisory RHSA-2002:027 for Powertools packages.

   cvs: cvs is a version control system. The cvs package has been rebuilt to link against the shared system zlib instead of the internal version.

   Additionally, cvs has been updated to version 1.11.1p1 for Red Hat Linux 6.2, 7.0 and 7.1 which also corrects a possible security vulnerability due to an improperly initialized global variable. (CAN-2002-0092)

   dump: The dump package contains programs for backing up and restoring filesystems. It links statically to zlib and has been rebuilt against the errata zlib package. Red Hat Linux 7, 7.1, and 7.2 packages have also been upgraded to dump-0.4b25, which includes many non-security fixes.

   gcc3: The gcc3 package contains the GNU Compiler Collection version 3.0. It has been updated to version 3.0.4 and patched to link against the system zlib instead of the internal version.

   libgcj: The libgcj package includes the Java runtime library, which is needed to run Java programs compiled using the gcc Java compiler (gcj). libgcj has been patched to use the shared system zlib.

   kernel: The Linux kernel internally contains several variants of zlib code. However, ppp compression is the only implementation that is used with untrusted data streams. This issue has been patched. New kernel errata packages are included for Red Hat Linux 6.2 and 7.

   Users of Red Hat Linux 7.1, or 7.2 should update to the currently released kernel errata RHSA-2002-028 (2.4.9-31) which already contains this fix.

   Netscape Navigator: Users are advised to obtain an update from Netscape.

   rsync: rsync is a program for synchronizing files over a network. rsync uses a modified version of zlib internally. These errata packages patch this internal version of zlib.

   The rsync update package also fixes another security issue where rsync did not call setgroups() before dropping the privileges of the connecting user. Hence, it is possible for users to retain the group IDs of any supplemental groups that rsync was started in (for example, supplementary groups of the root user), allowing users to access files they may not otherwise be able to access. Thanks to Martin Pool and Andrew Tridgell for alerting us to this issue. CAN-2002-0080.

   VNC: VNC is a remote display system in Powertools 6.2. VNC has been patched to use the system zlib library.

   In addition, there is a small HTTP server implementation in the VNC server which can be made to wait indefinitely for input, thereby freezing an active VNC session. The VNC packages recommended by this advisory have been patched to fix this issue. Users of VNC should be aware that the program is designed for use on a trusted network.

   zlib: The zlib library has been updated with a patch to fix the aforementioned vulnerability.

4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied.

   To update all RPMs for your particular architecture, run:

   rpm -Fvh [filenames]

   where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

   Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

   up2date

   This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed ( for more info):
6. RPMs required: Red Hat Linux 6.2:

   SRPMS: 
     
     
     
     
    
   
   alpha: 
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    
   
   i386: 
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    
   
   i586: 
     
    
   
   i686: 
     
     
    
   
   sparc: 
     
     
     
     
     
     
     
     
     
     
     
     
     
    
   
   Red Hat Linux 7.0:
   
   SRPMS: 
     
     
     
     
     
     
    
   
   alpha: 
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    
   
   i386: 
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    
   
   i586: 
     
    
   
   i686: 
     
     
    
   
   Red Hat Linux 7.1:
   
   SRPMS: 
     
     
     
     
     
    
   
   alpha: 
     
     
     
     
     
     
     
     
     
     
    
   
   i386: 
     
     
     
     
     
     
     
     
     
     
    
   
   ia64: 
     
     
     
     
     
    
   
   Red Hat Linux 7.2:
   
   SRPMS: 
     
     
     
     
     
     
     
    
   
   i386: 
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    
   
   ia64: 
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    
   

7. Verification:

   MD5 sum                          Package Name
   --------------------------------------------------------------------------8e02d134a33ac295dbd5106493fdda97 6.2/en/os/SRPMS/cvs-1.11.1p1-6.2.src.rpm
   131b26079de78c6f0cac8b26a31113a7 6.2/en/os/SRPMS/dump-0.4b19-5.6x.1.src.rpm
   6b96ad7065a00ec6151f23662130bc09 6.2/en/os/SRPMS/kernel-2.2.19-6.2.15.src.rpm
   01bcbc0059c5b502005ce06a5ef19160 6.2/en/os/SRPMS/rsync-2.4.6-3.6.src.rpm
   b4e8df9d2506d9ae64c720f55a0bce59 6.2/en/os/SRPMS/zlib-1.1.3-25.6.src.rpm
   f727e1db9a1dd6dab65770f8debf1492 6.2/en/os/alpha/cvs-1.11.1p1-6.2.alpha.rpm
   632bf922df6f841683fbe3e83c374f74 6.2/en/os/alpha/dump-0.4b19-5.6x.1.alpha.rpm
   922165e41e0bc5f65e082cc7094a9077 6.2/en/os/alpha/dump-static-0.4b19-5.6x.1.alpha.rpm
   6824944605493d99bfc77ff670f6973a 6.2/en/os/alpha/kernel-2.2.19-6.2.15.alpha.rpm
   c8f9fdc37ec11a512cda1b85dd9f63a9 6.2/en/os/alpha/kernel-BOOT-2.2.19-6.2.15.alpha.rpm
   c2c116a0cd393dfb2345c3e40f229e6a 6.2/en/os/alpha/kernel-doc-2.2.19-6.2.15.alpha.rpm
   53066bedf4a0dbf8b4a7db00e2510e33 6.2/en/os/alpha/kernel-enterprise-2.2.19-6.2.15.alpha.rpm
   c78d34143bed2744af9d56b6ddee4e39 6.2/en/os/alpha/kernel-jensen-2.2.19-6.2.15.alpha.rpm
   cea576164ee05702dca3b0acdffd32bb 6.2/en/os/alpha/kernel-smp-2.2.19-6.2.15.alpha.rpm
   b010b830ace6c2e8715c64133c661d06 6.2/en/os/alpha/kernel-source-2.2.19-6.2.15.alpha.rpm
   8469f12ad59c33d3865ad6984da5ad34 6.2/en/os/alpha/kernel-utils-2.2.19-6.2.15.alpha.rpm
   e0c7f2d151e3d15c18913c090ecc316a 6.2/en/os/alpha/rmt-0.4b19-5.6x.1.alpha.rpm
   863716a131bf5d87a16e458e69609d0a 6.2/en/os/alpha/rsync-2.4.6-3.6.alpha.rpm
   8e1e3754359de96f9b719a3d6329fb44 6.2/en/os/alpha/zlib-1.1.3-25.6.alpha.rpm
   8c479f77bd3148966031355912bf2647 6.2/en/os/alpha/zlib-devel-1.1.3-25.6.alpha.rpm
   50599253cc0ace39a04b7c4a95d5febb 6.2/en/os/i386/cvs-1.11.1p1-6.2.i386.rpm
   8ac9e87a40bdbc02c958e0a5acdbee5c 6.2/en/os/i386/dump-0.4b19-5.6x.1.i386.rpm
   b2c4b6147e6fd29c6b4b7b00a21eebaa 6.2/en/os/i386/dump-static-0.4b19-5.6x.1.i386.rpm
   4814bf80057c8801cc7a7f5ddae5d3d5 6.2/en/os/i386/kernel-2.2.19-6.2.15.i386.rpm
   5bcbdd07bb53eb4ca138d69fccaddd05 6.2/en/os/i386/kernel-BOOT-2.2.19-6.2.15.i386.rpm
   11a64570dff522924d02f388e6de4403 6.2/en/os/i386/kernel-doc-2.2.19-6.2.15.i386.rpm
   c937e653b3165d102b91202bd3862570 6.2/en/os/i386/kernel-ibcs-2.2.19-6.2.15.i386.rpm
   bbfad2946071356b62a2b5e0c40693d2 6.2/en/os/i386/kernel-pcmcia-cs-2.2.19-6.2.15.i386.rpm
   b0a1364c7182549d47038f68b7823292 6.2/en/os/i386/kernel-smp-2.2.19-6.2.15.i386.rpm
   d86ca0c8fb65089af11e181ee63287fb 6.2/en/os/i386/kernel-source-2.2.19-6.2.15.i386.rpm
   387be7b7882a964eb22bfc8b61f21edf 6.2/en/os/i386/kernel-utils-2.2.19-6.2.15.i386.rpm
   d02d195b4adde793a74da493016a2f6a 6.2/en/os/i386/rmt-0.4b19-5.6x.1.i386.rpm
   e9762ff858e4dd4d48fc1b5418681e19 6.2/en/os/i386/rsync-2.4.6-3.6.i386.rpm
   d3e7293df89d9e74cea78e2556cb6ea4 6.2/en/os/i386/zlib-1.1.3-25.6.i386.rpm
   c53b34ee09b9f44a346a144f80b81bd7 6.2/en/os/i386/zlib-devel-1.1.3-25.6.i386.rpm
   0b692c5e65788b56596f41a539c27ba0 6.2/en/os/i586/kernel-2.2.19-6.2.15.i586.rpm
   39441131698d1e95ce03dd83503faf2c 6.2/en/os/i586/kernel-smp-2.2.19-6.2.15.i586.rpm
   992c83f0c75cb0f8fbcb988c79d3e80e 6.2/en/os/i686/kernel-2.2.19-6.2.15.i686.rpm
   58348c9914d3a3fac52573946af0959b 6.2/en/os/i686/kernel-enterprise-2.2.19-6.2.15.i686.rpm
   642d71c9e7f30f73419ce8430c47d1d6 6.2/en/os/i686/kernel-smp-2.2.19-6.2.15.i686.rpm
   0a73be9de7eef6df86f9a6231ce84250 6.2/en/os/sparc/cvs-1.11.1p1-6.2.sparc.rpm
   4743fc86588f8d2550a94133b1b70526 6.2/en/os/sparc/dump-0.4b19-5.6x.1.sparc.rpm
   9c0119c1a0e461ffe1437a4bd44aacd6 6.2/en/os/sparc/dump-static-0.4b19-5.6x.1.sparc.rpm
   9ee058594c6bce7e326175288b09236d 6.2/en/os/sparc/kernel-2.2.19-6.2.15.sparc.rpm
   a4d93aded178179d75c84da85f2977b1 6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.15.sparc.rpm
   43c23cdb7caa927b918cc06688510c06 6.2/en/os/sparc/kernel-doc-2.2.19-6.2.15.sparc.rpm
   41ea0c7b728f8a5590afea932a8796f1 6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.15.sparc.rpm
   b08d965c394aa420b1ab8f727d7090c3 6.2/en/os/sparc/kernel-smp-2.2.19-6.2.15.sparc.rpm
   209b0cda68e1cd2680b71163d681ab7f 6.2/en/os/sparc/kernel-source-2.2.19-6.2.15.sparc.rpm
   a75749166c315228e8e2d466520f1169 6.2/en/os/sparc/kernel-utils-2.2.19-6.2.15.sparc.rpm
   a0b0518694524b85e22c335cb5bbb59d 6.2/en/os/sparc/rmt-0.4b19-5.6x.1.sparc.rpm
   71d5f307993bf1c5c666b343a56d371f 6.2/en/os/sparc/rsync-2.4.6-3.6.sparc.rpm
   4019dfa3b0a196ba8ce3af1a3dc0e8a4 6.2/en/os/sparc/zlib-1.1.3-25.6.sparc.rpm
   4c1161a93f9d40983db0ae55545830f5 6.2/en/os/sparc/zlib-devel-1.1.3-25.6.sparc.rpm
   49cf09e03d1d51fb2571ac2287e1dcde 7.0/en/os/SRPMS/cvs-1.11.1p1-7.src.rpm
   bccc5133d4080eab76d4c080775c7fe2 7.0/en/os/SRPMS/dump-0.4b25-1.70.0.src.rpm
   e18266d69460dcde1cf97bc62cc749ad 7.0/en/os/SRPMS/kernel-2.2.19-7.0.15.src.rpm
   b58ce67092cc40ac228e1af362e1324a 7.0/en/os/SRPMS/libgcj-2.96-24.1.src.rpm
   b5d8794ea6fe06fdf6bf46829bae89d7 7.0/en/os/SRPMS/rsync-2.4.6-13.src.rpm
   875db48b0b102ce4627a217a2596a903 7.0/en/os/SRPMS/vnc-3.3.3r2-18.3.src.rpm
   e4c9b7ea941c1b5f364aa4d57c06de68 7.0/en/os/SRPMS/zlib-1.1.3-25.7.src.rpm
   658d899deda0305388579b5912b31b4a 7.0/en/os/alpha/cvs-1.11.1p1-7.alpha.rpm
   68987e1d8f6c09bb927939da5c254688 7.0/en/os/alpha/dump-0.4b25-1.70.0.alpha.rpm
   97cb6c46375530d7032d4a8826d6b585 7.0/en/os/alpha/kernel-2.2.19-7.0.15.alpha.rpm
   bfdf9bca146c8cec782b1c831fb64bc9 7.0/en/os/alpha/kernel-BOOT-2.2.19-7.0.15.alpha.rpm
   0c97b9bd4a3b26f7c423d8e440f41e35 7.0/en/os/alpha/kernel-doc-2.2.19-7.0.15.alpha.rpm
   9eef41c22a7aa6950ac5b53d4c0bd380 7.0/en/os/alpha/kernel-enterprise-2.2.19-7.0.15.alpha.rpm
   be4c4af7701713315ff421598ed5150b 7.0/en/os/alpha/kernel-jensen-2.2.19-7.0.15.alpha.rpm
   464a95670556d1630797bf84e89bef23 7.0/en/os/alpha/kernel-smp-2.2.19-7.0.15.alpha.rpm
   589f68b758fbe1b6045e8cd4c4f1b142 7.0/en/os/alpha/kernel-source-2.2.19-7.0.15.alpha.rpm
   c8311269d5888643d43b21ee8b5c7e0f 7.0/en/os/alpha/kernel-utils-2.2.19-7.0.15.alpha.rpm
   0009a93f552453ff1d2c7116d20ef9fa 7.0/en/os/alpha/libgcj-2.96-24.1.alpha.rpm
   7e5ac3667bc8af8f3afb24fe949bacb4 7.0/en/os/alpha/libgcj-devel-2.96-24.1.alpha.rpm
   7c0d97c7ad92859c5cf4a6c86e55f52d 7.0/en/os/alpha/rmt-0.4b25-1.70.0.alpha.rpm
   7f678187e558fa86744fba161756f0bd 7.0/en/os/alpha/rsync-2.4.6-13.alpha.rpm
   2d8a1da805e2d6521963ff99110bb843 7.0/en/os/alpha/vnc-3.3.3r2-18.3.alpha.rpm
   8f68b3f1ff1a0e897c1c221c9f9389ee 7.0/en/os/alpha/vnc-doc-3.3.3r2-18.3.alpha.rpm
   6463c1226edebdeb0494f20701cbcf29 7.0/en/os/alpha/vnc-server-3.3.3r2-18.3.alpha.rpm
   73352503d0864dbfa6db5369002fb0a1 7.0/en/os/alpha/zlib-1.1.3-25.7.alpha.rpm
   542159b445cc9d1f0d8636e374711f86 7.0/en/os/alpha/zlib-devel-1.1.3-25.7.alpha.rpm
   ce2644ac389d9aa9993fe010cb7f30c8 7.0/en/os/i386/cvs-1.11.1p1-7.i386.rpm
   07219be3485102a1b902d3968b3c4420 7.0/en/os/i386/dump-0.4b25-1.70.0.i386.rpm
   0b208db4d3a052fb1d63f6aa45865ad2 7.0/en/os/i386/kernel-2.2.19-7.0.15.i386.rpm
   703fcd01e22645901caeb2f9065e4194 7.0/en/os/i386/kernel-BOOT-2.2.19-7.0.15.i386.rpm
   df3a5e787ff699d900f37a8f0bd88a0a 7.0/en/os/i386/kernel-doc-2.2.19-7.0.15.i386.rpm
   cb577e6bb6cee4f5f98d9cfff6d6e746 7.0/en/os/i386/kernel-ibcs-2.2.19-7.0.15.i386.rpm
   53c19bea9c3fc76d0a1bfdd72faed7df 7.0/en/os/i386/kernel-pcmcia-cs-2.2.19-7.0.15.i386.rpm
   9615214b740d8b0426f2f28a3066cbb6 7.0/en/os/i386/kernel-smp-2.2.19-7.0.15.i386.rpm
   852cea6cb40405d54fac68a53afb7c3a 7.0/en/os/i386/kernel-source-2.2.19-7.0.15.i386.rpm
   61ec6d4b10078c4671da91302ebaccc5 7.0/en/os/i386/kernel-utils-2.2.19-7.0.15.i386.rpm
   fd1c65551e77fc09837130cee54f4283 7.0/en/os/i386/libgcj-2.96-24.1.i386.rpm
   fd2186bc67d1e98f3e83ced9f0a84215 7.0/en/os/i386/libgcj-devel-2.96-24.1.i386.rpm
   a7c94e2d2fd3057f9c51e394b9488f19 7.0/en/os/i386/rmt-0.4b25-1.70.0.i386.rpm
   dd9003947e4ae34aff75ea48e5289332 7.0/en/os/i386/rsync-2.4.6-13.i386.rpm
   ff07ff43709ea26fff9849fbeb27c38d 7.0/en/os/i386/vnc-3.3.3r2-18.3.i386.rpm
   9ce73058c017df69bc12121db7999fa0 7.0/en/os/i386/vnc-doc-3.3.3r2-18.3.i386.rpm
   6d29cc38d6735b7ff2fb9ee4237bfbcd 7.0/en/os/i386/vnc-server-3.3.3r2-18.3.i386.rpm
   1c2a98b53ec5bd716b48d71643705055 7.0/en/os/i386/zlib-1.1.3-25.7.i386.rpm
   7f6840ee653f0b6e88d3fb28fa56eaf7 7.0/en/os/i386/zlib-devel-1.1.3-25.7.i386.rpm
   7f25476de897b5524dde27756c70d489 7.0/en/os/i586/kernel-2.2.19-7.0.15.i586.rpm
   5d14f88b612218475f8d56a551b6a00f 7.0/en/os/i586/kernel-smp-2.2.19-7.0.15.i586.rpm
   fa15178dc1408fe7222052f6ee1e2e44 7.0/en/os/i686/kernel-2.2.19-7.0.15.i686.rpm
   9cab456bc2c61af67fa236abc58a4510 7.0/en/os/i686/kernel-enterprise-2.2.19-7.0.15.i686.rpm
   98437e8de26ba3efb2a35d21ce4ea5e4 7.0/en/os/i686/kernel-smp-2.2.19-7.0.15.i686.rpm
   49cf09e03d1d51fb2571ac2287e1dcde 7.1/en/os/SRPMS/cvs-1.11.1p1-7.src.rpm
   df8014439d38a88d84bb6cac9cb13547 7.1/en/os/SRPMS/dump-0.4b25-1.71.0.src.rpm
   b58ce67092cc40ac228e1af362e1324a 7.1/en/os/SRPMS/libgcj-2.96-24.1.src.rpm
   b5d8794ea6fe06fdf6bf46829bae89d7 7.1/en/os/SRPMS/rsync-2.4.6-13.src.rpm
   875db48b0b102ce4627a217a2596a903 7.1/en/os/SRPMS/vnc-3.3.3r2-18.3.src.rpm
   e4c9b7ea941c1b5f364aa4d57c06de68 7.1/en/os/SRPMS/zlib-1.1.3-25.7.src.rpm
   658d899deda0305388579b5912b31b4a 7.1/en/os/alpha/cvs-1.11.1p1-7.alpha.rpm
   15f1785a15fa6af59e5bacd4e8481ca7 7.1/en/os/alpha/dump-0.4b25-1.71.0.alpha.rpm
   0009a93f552453ff1d2c7116d20ef9fa 7.1/en/os/alpha/libgcj-2.96-24.1.alpha.rpm
   7e5ac3667bc8af8f3afb24fe949bacb4 7.1/en/os/alpha/libgcj-devel-2.96-24.1.alpha.rpm
   1a76be972370920200add9696662b194 7.1/en/os/alpha/rmt-0.4b25-1.71.0.alpha.rpm
   7f678187e558fa86744fba161756f0bd 7.1/en/os/alpha/rsync-2.4.6-13.alpha.rpm
   2d8a1da805e2d6521963ff99110bb843 7.1/en/os/alpha/vnc-3.3.3r2-18.3.alpha.rpm
   8f68b3f1ff1a0e897c1c221c9f9389ee 7.1/en/os/alpha/vnc-doc-3.3.3r2-18.3.alpha.rpm
   6463c1226edebdeb0494f20701cbcf29 7.1/en/os/alpha/vnc-server-3.3.3r2-18.3.alpha.rpm
   73352503d0864dbfa6db5369002fb0a1 7.1/en/os/alpha/zlib-1.1.3-25.7.alpha.rpm
   542159b445cc9d1f0d8636e374711f86 7.1/en/os/alpha/zlib-devel-1.1.3-25.7.alpha.rpm
   ce2644ac389d9aa9993fe010cb7f30c8 7.1/en/os/i386/cvs-1.11.1p1-7.i386.rpm
   725abeec86a049a239af670e005de99a 7.1/en/os/i386/dump-0.4b25-1.71.0.i386.rpm
   fd1c65551e77fc09837130cee54f4283 7.1/en/os/i386/libgcj-2.96-24.1.i386.rpm
   fd2186bc67d1e98f3e83ced9f0a84215 7.1/en/os/i386/libgcj-devel-2.96-24.1.i386.rpm
   6ff9579c4db5d4b1741f62b65d898ec4 7.1/en/os/i386/rmt-0.4b25-1.71.0.i386.rpm
   dd9003947e4ae34aff75ea48e5289332 7.1/en/os/i386/rsync-2.4.6-13.i386.rpm
   ff07ff43709ea26fff9849fbeb27c38d 7.1/en/os/i386/vnc-3.3.3r2-18.3.i386.rpm
   9ce73058c017df69bc12121db7999fa0 7.1/en/os/i386/vnc-doc-3.3.3r2-18.3.i386.rpm
   6d29cc38d6735b7ff2fb9ee4237bfbcd 7.1/en/os/i386/vnc-server-3.3.3r2-18.3.i386.rpm
   1c2a98b53ec5bd716b48d71643705055 7.1/en/os/i386/zlib-1.1.3-25.7.i386.rpm
   7f6840ee653f0b6e88d3fb28fa56eaf7 7.1/en/os/i386/zlib-devel-1.1.3-25.7.i386.rpm
   fb6a4a68f00df73a844c9f97ff06e685 7.1/en/os/ia64/cvs-1.11.1p1-7.ia64.rpm
   21cbc7f66c1d69e214fe4a4ffd87246d 7.1/en/os/ia64/dump-0.4b25-1.71.0.ia64.rpm
   8fbce5705bdf4803606cbc2d010a0471 7.1/en/os/ia64/rmt-0.4b25-1.71.0.ia64.rpm
   ca2438188203ebb25111c9b68807b802 7.1/en/os/ia64/rsync-2.4.6-13.ia64.rpm
   c18df65e9d3f26940d5b87691000816d 7.1/en/os/ia64/zlib-1.1.3-25.7.ia64.rpm
   45d6d5ba806017e3bd55bf31d9845e47 7.1/en/os/ia64/zlib-devel-1.1.3-25.7.ia64.rpm
   99430cfd805162cf26a1579117968599 7.2/en/os/SRPMS/binutils-2.11.90.0.8-12.src.rpm
   49cf09e03d1d51fb2571ac2287e1dcde 7.2/en/os/SRPMS/cvs-1.11.1p1-7.src.rpm
   29fdca4db6119162d5570d1ec25751e3 7.2/en/os/SRPMS/dump-0.4b25-1.72.0.src.rpm
   e74ad2d3942b5b4d65fe1563a4a81e3a 7.2/en/os/SRPMS/gcc3-3.0.4-1.src.rpm
   88d37abba63b0760bed46267547ccf63 7.2/en/os/SRPMS/libgcj-2.96-28.src.rpm
   b5d8794ea6fe06fdf6bf46829bae89d7 7.2/en/os/SRPMS/rsync-2.4.6-13.src.rpm
   875db48b0b102ce4627a217a2596a903 7.2/en/os/SRPMS/vnc-3.3.3r2-18.3.src.rpm
   e4c9b7ea941c1b5f364aa4d57c06de68 7.2/en/os/SRPMS/zlib-1.1.3-25.7.src.rpm
   d6113e1fd56cb3fe7211ff99e82d8a59 7.2/en/os/i386/binutils-2.11.90.0.8-12.i386.rpm
   ce2644ac389d9aa9993fe010cb7f30c8 7.2/en/os/i386/cvs-1.11.1p1-7.i386.rpm
   195e1eff9947649121bbc1c9be5dabf2 7.2/en/os/i386/dump-0.4b25-1.72.0.i386.rpm
   df1f93808417ce7edc44f6317483df5e 7.2/en/os/i386/gcc3-3.0.4-1.i386.rpm
   ca84b944123ddf8d8b99169f1e29064e 7.2/en/os/i386/gcc3-c++-3.0.4-1.i386.rpm
   aca54f53c5e43fb4b5bca9c7a398f995 7.2/en/os/i386/gcc3-g77-3.0.4-1.i386.rpm
   cb23be0b61cf368232232032295e03da 7.2/en/os/i386/gcc3-java-3.0.4-1.i386.rpm
   a33b5c220a98c25b5a922093e336471c 7.2/en/os/i386/gcc3-objc-3.0.4-1.i386.rpm
   e1e003d269a8c3b5784656b9baf01f61 7.2/en/os/i386/libgcc-3.0.4-1.i386.rpm
   d2536bb1878684ddeef62044f0818ff4 7.2/en/os/i386/libgcj-2.96-28.i386.rpm
   850146af72439bfcf428be2d6d20c69d 7.2/en/os/i386/libgcj-devel-2.96-28.i386.rpm
   9b387ac35bc0ed5b775d0e86aa08dd6d 7.2/en/os/i386/libgcj3-3.0.4-1.i386.rpm
   f71c536ee53f5f10d72167cf8bf60a66 7.2/en/os/i386/libgcj3-devel-3.0.4-1.i386.rpm
   49341cccfee62055fc1859f388b3dd2b 7.2/en/os/i386/libstdc++3-3.0.4-1.i386.rpm
   39775aac1be0eb7da93ed8d86387dabe 7.2/en/os/i386/libstdc++3-devel-3.0.4-1.i386.rpm
   d8a8dc76ff252ad07f41ee7ba65dbb54 7.2/en/os/i386/rmt-0.4b25-1.72.0.i386.rpm
   dd9003947e4ae34aff75ea48e5289332 7.2/en/os/i386/rsync-2.4.6-13.i386.rpm
   ff07ff43709ea26fff9849fbeb27c38d 7.2/en/os/i386/vnc-3.3.3r2-18.3.i386.rpm
   9ce73058c017df69bc12121db7999fa0 7.2/en/os/i386/vnc-doc-3.3.3r2-18.3.i386.rpm
   6d29cc38d6735b7ff2fb9ee4237bfbcd 7.2/en/os/i386/vnc-server-3.3.3r2-18.3.i386.rpm
   1c2a98b53ec5bd716b48d71643705055 7.2/en/os/i386/zlib-1.1.3-25.7.i386.rpm
   7f6840ee653f0b6e88d3fb28fa56eaf7 7.2/en/os/i386/zlib-devel-1.1.3-25.7.i386.rpm
   fb6a4a68f00df73a844c9f97ff06e685 7.2/en/os/ia64/cvs-1.11.1p1-7.ia64.rpm
   cb7d04f2d8b4e258bd091f457cb9724f 7.2/en/os/ia64/dump-0.4b25-1.72.0.ia64.rpm
   3428bc20426d416960a55be0aa397dba 7.2/en/os/ia64/gcc3-3.0.4-1.ia64.rpm
   673b0e9c4f1bacc50e8a7b7a2b42c147 7.2/en/os/ia64/gcc3-c++-3.0.4-1.ia64.rpm
   74ea5cfad282a6305f0adb7d18779903 7.2/en/os/ia64/gcc3-g77-3.0.4-1.ia64.rpm
   77b1c9ac7770ae85b85f5d2bccba9b04 7.2/en/os/ia64/gcc3-java-3.0.4-1.ia64.rpm
   88f9a06077989f2204fa708535d011e1 7.2/en/os/ia64/gcc3-objc-3.0.4-1.ia64.rpm
   b5246f28abb6fece6514d3d0b84575cc 7.2/en/os/ia64/libgcc-3.0.4-1.ia64.rpm
   9e30de4bca541895d14d0756eafc9666 7.2/en/os/ia64/libgcj3-3.0.4-1.ia64.rpm
   5eca8425b277341f3fcba5b3942b6549 7.2/en/os/ia64/libgcj3-devel-3.0.4-1.ia64.rpm
   080fc03db827f4b5007558c3c2dfadd4 7.2/en/os/ia64/libstdc++3-3.0.4-1.ia64.rpm
   15055c2133605fab6ad1b0d53176fe87 7.2/en/os/ia64/libstdc++3-devel-3.0.4-1.ia64.rpm
   bd2b196cf5e9d94dc335e2967c9d6f0a 7.2/en/os/ia64/rmt-0.4b25-1.72.0.ia64.rpm
   ca2438188203ebb25111c9b68807b802 7.2/en/os/ia64/rsync-2.4.6-13.ia64.rpm
   c18df65e9d3f26940d5b87691000816d 7.2/en/os/ia64/zlib-1.1.3-25.7.ia64.rpm
   45d6d5ba806017e3bd55bf31d9845e47 7.2/en/os/ia64/zlib-devel-1.1.3-25.7.ia64.rpm
   

   These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About

   You can verify each package with the following command:
   rpm --checksig

   If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
   rpm --checksig --nogpg

8. References: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0059 to the zlib issue. Red Hat would like to thank CERT/CC for their help in coordinating this issue with other vendors

   CVE -CVE-2002-0059 CVE -CVE-2002-0080 CVE -CVE-2002-0092 Bug 70594 – puzzling png loader crash

   Copyright(c) 2000, 2001, 2002 Red Hat, Inc.