
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Vulnerability in zlib library
Advisory ID:       RHSA-2002:026-43
Issue date:        2002-02-11
Updated on:        2002-03-21
Product:           Red Hat Linux
Keywords:          zlib double free
Cross references:  RHSA-2002:028 RHSA-2002:027
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

[Update 20 Mar 2002:
Added kernel packages for Red Hat Linux 6.2 on sparc64.  Updated VNC
packages as the previous fix caused another denial of service
vulnerability; thanks to Const Kaplinsky for reporting this]

[Update 14 Mar 2002: 
Updated kernel packages for Red Hat Linux 6.2 and 7.0 which were missing 
the zlib fix; added missing kernel-headers package for 6.2.]
 
The zlib library provides in-memory compression/decompression
functions. The library is widely used throughout Linux and other
operating systems.
 
While performing tests on the gdk-pixbuf library, Matthias Clasen created 
an invalid PNG image that caused libpng to crash. Upon further 
investigation, this turned out to be a bug in zlib 1.1.3 where certain 
types of input will cause zlib to free the same area of memory twice 
(called a "double free"). 
 
This bug can be used to crash any program that takes untrusted
compressed input. Web browsers or email programs that display image
attachments, or other programs that uncompress data, are particularly
affected. This vulnerability makes it easy to perform various
denial-of-service attacks against such programs.
 
It is also possible that an attacker could manage a more significant 
exploit, since the result of a double free is the corruption of the 
malloc() implementation's data structures. This could include running 
arbitrary code on local or remote systems. 
 
Most packages in Red Hat Linux use the shared zlib library and can be
protected against the vulnerability by updating to the errata zlib
package. However, we have identified a number of packages in Red Hat
Linux that either statically link to zlib or contain an internal
version of the zlib code.
 
Although no exploits for this issue or these packages are currently 
known to exist, this is a serious vulnerability which could be 
locally or remotely exploited. All users should upgrade affected packages 
immediately. 
 
Additionally, if you have any programs that you have compiled yourself,
you should check to see if they use zlib. If they link to the shared
zlib library then they will not be vulnerable once the shared zlib
library is updated to the errata package. However, if any programs that
decompress arbitrary data statically link to zlib or use their own
version of the zlib code internally, then they need to be patched or
recompiled.
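One way to carry out the check described above, as an added example that is not part of the Red Hat advisory: a POSIX shell script that classifies a binary by how it gets zlib. It assumes ldd and strings (from binutils) are installed and relies on the copyright strings that zlib 1.1.3 compiles into every copy of itself.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: triage locally built
# programs for the kinds of zlib usage the advisory distinguishes.
#
#   shared   - pulls in libz.so (directly or via another library such as
#              libpng): fixed once the errata zlib package is installed
#   static   - not a dynamic executable but carries zlib code: must be
#              rebuilt against the errata zlib
#   internal - dynamic executable without libz.so but with zlib code
#              compiled in: must be patched or rebuilt
#   none     - no sign of zlib at all
#
# Embedded zlib is recognised by the strings zlib 1.1.3 compiles into
# itself: " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly " and
# " inflate 1.1.3 Copyright 1995-1998 Mark Adler ".

# classify_from_text LDD_OUTPUT STRINGS_OUTPUT
# Pure text classification, so it can be exercised on captured output.
classify_from_text() {
    ldd_out=$1
    str_out=$2
    has_zlib_code=0
    if printf '%s\n' "$str_out" | grep -q -E '(deflate|inflate) 1\.[0-9]+\.[0-9]+ Copyright'; then
        has_zlib_code=1
    fi
    if printf '%s\n' "$ldd_out" | grep -q 'libz\.so'; then
        echo shared
    elif [ "$has_zlib_code" -eq 1 ]; then
        if printf '%s\n' "$ldd_out" | grep -q 'not a dynamic executable'; then
            echo static
        else
            echo internal
        fi
    else
        echo none
    fi
}

# classify_zlib_usage FILE
# Runs ldd and strings on a real binary and classifies it.
classify_zlib_usage() {
    classify_from_text "$(ldd "$1" 2>&1)" "$(strings -a "$1" 2>/dev/null)"
}

# needs_action CLASS
# Exit status 0 when the binary is NOT covered by the shared-library
# update and therefore has to be rebuilt or patched.
needs_action() {
    case $1 in
        static|internal) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh zlib-triage.sh /usr/local/bin/*   (one line per file)
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        [ -f "$f" ] || continue
        class=$(classify_zlib_usage "$f")
        if needs_action "$class"; then
            printf '%s: %s  <-- rebuild or patch\n' "$f" "$class"
        else
            printf '%s: %s\n' "$f" "$class"
        fi
    done
fi
```

A program that links libz.so only through another shared library still shows up as shared, because ldd lists transitive dependencies.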

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64

Red Hat Linux 7.0 - alpha, i386, i586, i686

Red Hat Linux 7.1 - alpha, i386, i586, i686, ia64

Red Hat Linux 7.2 - i386, i586, i686, ia64

3. Problem description:

The following details apply to the main Red Hat Linux distribution
only. Please see advisory RHSA-2002:027 for Powertools packages.

cvs: cvs is a version control system. The cvs package has been rebuilt to
link against the shared system zlib instead of the internal version. 

Additionally, cvs has been updated to version 1.11.1p1 for Red Hat Linux
6.2, 7.0 and 7.1 which also corrects a possible security vulnerability due
to an improperly initialized global variable. (CAN-2002-0092)

dump: The dump package contains programs for backing up and restoring
filesystems.  It links statically to zlib and has been rebuilt
against the errata zlib package.  Red Hat Linux 7.0, 7.1, and 7.2
packages have also been upgraded to dump-0.4b25, which includes
many non-security fixes.

gcc3: The gcc3 package contains the GNU Compiler Collection version
3.0. It has been updated to version 3.0.4 and patched to link against
the system zlib instead of the internal version.

libgcj: The libgcj package includes the Java runtime library, which is
needed to run Java programs compiled using the gcc Java compiler
(gcj).  libgcj has been patched to use the shared system zlib.

kernel: The Linux kernel internally contains several variants of zlib
code. However, ppp compression is the only implementation that is used with
untrusted data streams.  This issue has been patched.  New kernel errata
packages are included for Red Hat Linux 6.2 and 7.0.

Users of Red Hat Linux 7.1 or 7.2 should update to the currently
released kernel errata RHSA-2002:028 (2.4.9-31), which already contains this
fix.

Netscape Navigator: Users are advised to obtain an update from Netscape.

rsync: rsync is a program for synchronizing files over a network.
rsync uses a modified version of zlib internally. These errata
packages patch this internal version of zlib.

The rsync update package also fixes another security issue where rsync did
not call setgroups() before dropping the privileges of the connecting user.
Hence, it is possible for users to retain the group IDs of any supplemental
groups that rsync was started in (for example, supplementary groups of the
root user), allowing users to access files they may not otherwise be able
to access.  Thanks to Martin Pool and Andrew Tridgell for alerting us to
this issue. (CAN-2002-0080)

VNC: VNC is a remote display system in Powertools 6.2.  VNC has been
patched to use the system zlib library.  

In addition, there is a small HTTP server implementation in the VNC server
which can be made to wait indefinitely for input, thereby freezing an
active VNC session. The VNC packages recommended by this advisory have
been patched to fix this issue. Users of VNC should be aware that the
program is designed for use on a trusted network.

zlib: The zlib library has been updated with a patch to fix the
aforementioned vulnerability.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed:

6. RPMs required:

Red Hat Linux 6.2: SRPMS, alpha, i386, i586, i686, sparc, sparc64

Red Hat Linux 7.0: SRPMS, alpha, i386, i586, i686

Red Hat Linux 7.1: SRPMS, alpha, i386, ia64

Red Hat Linux 7.2: SRPMS, i386, ia64


7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:

You can verify each package with the following command:
    rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg [filename]

8. References:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0059 to the zlib issue. Red Hat would like to
thank CERT/CC for their help in coordinating this issue with other vendors.

CVE-2002-0059
CVE-2002-0080
CVE-2002-0092
Bug 70594 – puzzling png loader crash


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.





73352503d0864dbfa6db5369002fb0a1 7.1/en/os/alpha/zlib-1.1.3-25.7.alpha.rpm 542159b445cc9d1f0d8636e374711f86 7.1/en/os/alpha/zlib-devel-1.1.3-25.7.alpha.rpm ce2644ac389d9aa9993fe010cb7f30c8 7.1/en/os/i386/cvs-1.11.1p1-7.i386.rpm fd1c65551e77fc09837130cee54f4283 7.1/en/os/i386/libgcj-2.96-24.1.i386.rpm fd2186bc67d1e98f3e83ced9f0a84215 7.1/en/os/i386/libgcj-devel-2.96-24.1.i386.rpm dd9003947e4ae34aff75ea48e5289332 7.1/en/os/i386/rsync-2.4.6-13.i386.rpm 5a1e7fdd8b06998029bc4f1fe47392ef 7.1/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm 3f75e04cc69f2b9583ba069b6eaf4c3b 7.1/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm 6f488072da56a0001f2b5c9ac7c8b6ea 7.1/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm 1c2a98b53ec5bd716b48d71643705055 7.1/en/os/i386/zlib-1.1.3-25.7.i386.rpm 7f6840ee653f0b6e88d3fb28fa56eaf7 7.1/en/os/i386/zlib-devel-1.1.3-25.7.i386.rpm fb6a4a68f00df73a844c9f97ff06e685 7.1/en/os/ia64/cvs-1.11.1p1-7.ia64.rpm ca2438188203ebb25111c9b68807b802 7.1/en/os/ia64/rsync-2.4.6-13.ia64.rpm c18df65e9d3f26940d5b87691000816d 7.1/en/os/ia64/zlib-1.1.3-25.7.ia64.rpm 45d6d5ba806017e3bd55bf31d9845e47 7.1/en/os/ia64/zlib-devel-1.1.3-25.7.ia64.rpm 99430cfd805162cf26a1579117968599 7.2/en/os/SRPMS/binutils-2.11.90.0.8-12.src.rpm 49cf09e03d1d51fb2571ac2287e1dcde 7.2/en/os/SRPMS/cvs-1.11.1p1-7.src.rpm 29fdca4db6119162d5570d1ec25751e3 7.2/en/os/SRPMS/dump-0.4b25-1.72.0.src.rpm e74ad2d3942b5b4d65fe1563a4a81e3a 7.2/en/os/SRPMS/gcc3-3.0.4-1.src.rpm 88d37abba63b0760bed46267547ccf63 7.2/en/os/SRPMS/libgcj-2.96-28.src.rpm b5d8794ea6fe06fdf6bf46829bae89d7 7.2/en/os/SRPMS/rsync-2.4.6-13.src.rpm c6a2b05186340fc8d93fdc2c461d59e3 7.2/en/os/SRPMS/vnc-3.3.3r2-18.4.src.rpm e4c9b7ea941c1b5f364aa4d57c06de68 7.2/en/os/SRPMS/zlib-1.1.3-25.7.src.rpm d6113e1fd56cb3fe7211ff99e82d8a59 7.2/en/os/i386/binutils-2.11.90.0.8-12.i386.rpm ce2644ac389d9aa9993fe010cb7f30c8 7.2/en/os/i386/cvs-1.11.1p1-7.i386.rpm 195e1eff9947649121bbc1c9be5dabf2 7.2/en/os/i386/dump-0.4b25-1.72.0.i386.rpm df1f93808417ce7edc44f6317483df5e 
7.2/en/os/i386/gcc3-3.0.4-1.i386.rpm ca84b944123ddf8d8b99169f1e29064e 7.2/en/os/i386/gcc3-c++-3.0.4-1.i386.rpm aca54f53c5e43fb4b5bca9c7a398f995 7.2/en/os/i386/gcc3-g77-3.0.4-1.i386.rpm cb23be0b61cf368232232032295e03da 7.2/en/os/i386/gcc3-java-3.0.4-1.i386.rpm a33b5c220a98c25b5a922093e336471c 7.2/en/os/i386/gcc3-objc-3.0.4-1.i386.rpm e1e003d269a8c3b5784656b9baf01f61 7.2/en/os/i386/libgcc-3.0.4-1.i386.rpm d2536bb1878684ddeef62044f0818ff4 7.2/en/os/i386/libgcj-2.96-28.i386.rpm 850146af72439bfcf428be2d6d20c69d 7.2/en/os/i386/libgcj-devel-2.96-28.i386.rpm 9b387ac35bc0ed5b775d0e86aa08dd6d 7.2/en/os/i386/libgcj3-3.0.4-1.i386.rpm f71c536ee53f5f10d72167cf8bf60a66 7.2/en/os/i386/libgcj3-devel-3.0.4-1.i386.rpm 49341cccfee62055fc1859f388b3dd2b 7.2/en/os/i386/libstdc++3-3.0.4-1.i386.rpm 39775aac1be0eb7da93ed8d86387dabe 7.2/en/os/i386/libstdc++3-devel-3.0.4-1.i386.rpm d8a8dc76ff252ad07f41ee7ba65dbb54 7.2/en/os/i386/rmt-0.4b25-1.72.0.i386.rpm dd9003947e4ae34aff75ea48e5289332 7.2/en/os/i386/rsync-2.4.6-13.i386.rpm 5a1e7fdd8b06998029bc4f1fe47392ef 7.2/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm 3f75e04cc69f2b9583ba069b6eaf4c3b 7.2/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm 6f488072da56a0001f2b5c9ac7c8b6ea 7.2/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm 1c2a98b53ec5bd716b48d71643705055 7.2/en/os/i386/zlib-1.1.3-25.7.i386.rpm 7f6840ee653f0b6e88d3fb28fa56eaf7 7.2/en/os/i386/zlib-devel-1.1.3-25.7.i386.rpm fb6a4a68f00df73a844c9f97ff06e685 7.2/en/os/ia64/cvs-1.11.1p1-7.ia64.rpm cb7d04f2d8b4e258bd091f457cb9724f 7.2/en/os/ia64/dump-0.4b25-1.72.0.ia64.rpm 3428bc20426d416960a55be0aa397dba 7.2/en/os/ia64/gcc3-3.0.4-1.ia64.rpm 673b0e9c4f1bacc50e8a7b7a2b42c147 7.2/en/os/ia64/gcc3-c++-3.0.4-1.ia64.rpm 74ea5cfad282a6305f0adb7d18779903 7.2/en/os/ia64/gcc3-g77-3.0.4-1.ia64.rpm 77b1c9ac7770ae85b85f5d2bccba9b04 7.2/en/os/ia64/gcc3-java-3.0.4-1.ia64.rpm 88f9a06077989f2204fa708535d011e1 7.2/en/os/ia64/gcc3-objc-3.0.4-1.ia64.rpm b5246f28abb6fece6514d3d0b84575cc 7.2/en/os/ia64/libgcc-3.0.4-1.ia64.rpm 
9e30de4bca541895d14d0756eafc9666 7.2/en/os/ia64/libgcj3-3.0.4-1.ia64.rpm 5eca8425b277341f3fcba5b3942b6549 7.2/en/os/ia64/libgcj3-devel-3.0.4-1.ia64.rpm 080fc03db827f4b5007558c3c2dfadd4 7.2/en/os/ia64/libstdc++3-3.0.4-1.ia64.rpm 15055c2133605fab6ad1b0d53176fe87 7.2/en/os/ia64/libstdc++3-devel-3.0.4-1.ia64.rpm bd2b196cf5e9d94dc335e2967c9d6f0a 7.2/en/os/ia64/rmt-0.4b25-1.72.0.ia64.rpm ca2438188203ebb25111c9b68807b802 7.2/en/os/ia64/rsync-2.4.6-13.ia64.rpm c18df65e9d3f26940d5b87691000816d 7.2/en/os/ia64/zlib-1.1.3-25.7.ia64.rpm 45d6d5ba806017e3bd55bf31d9845e47 7.2/en/os/ia64/zlib-devel-1.1.3-25.7.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available from Red Hat's "About" page.

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>
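The two commands above check one package at a time and assume the errata tree has already been downloaded. As an added example that is not part of the advisory, the POSIX shell script below automates the md5sum half of that check: it reads a checksum list in the advisory's own "<md5sum> <path>" layout, compares every listed package against the downloaded copy, reports OK, FAILED or MISSING, and only then hands the tree to rpm --checksig for the signature check. The script name verify_errata.sh, the list file name and the sample package paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not Red Hat's code): verify downloaded errata packages
# against an advisory checksum list before installing them.
#
# List format, as in the advisory's verification table:
#   <md5sum> <path relative to the download root>
# An md5 match only proves the file was not corrupted or altered after the
# list was published; authenticity comes from the GPG signature, which
# "rpm --checksig" verifies when Red Hat's key is in the rpm keyring.

# md5_of FILE -> prints the lowercase hex MD5 of FILE
# (coreutils md5sum, falling back to openssl where md5sum is absent)
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_list LISTFILE BASEDIR -> one status line per entry;
# returns 0 only if every listed package is present and matches
verify_list() {
    list=$1; base=$2; bad=0
    while read -r sum path; do
        [ -n "$sum" ] || continue            # skip blank lines
        case $sum in "#"*) continue ;; esac  # and comment lines
        f="$base/$path"
        if [ ! -f "$f" ]; then
            echo "MISSING $path"; bad=1; continue
        fi
        actual=$(md5_of "$f")
        if [ "$actual" = "$sum" ]; then
            echo "OK      $path"
        else
            echo "FAILED  $path (expected $sum, got $actual)"; bad=1
        fi
    done < "$list"
    return $bad
}

# check_signatures BASEDIR -> rpm's signature check over every .rpm under BASEDIR;
# returns 2 when rpm itself is not installed on this host
check_signatures() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    find "$1" -name '*.rpm' -exec rpm --checksig {} \;
}

# Usage (assumed file names):
#   sh verify_errata.sh rhsa-2002-026.md5 /srv/updates
# where /srv/updates holds e.g. 7.2/en/os/i386/zlib-1.1.3-25.7.i386.rpm
if [ "$#" -eq 2 ]; then
    verify_list "$1" "$2" && check_signatures "$2"
fi
```

The md5 pass runs first so that a FAILED or MISSING line stops the run before any signature is inspected; treat either as a reason to re-download the whole tree rather than just the one package, since the list and the files should agree as a set.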

References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0059 to the zlib issue. Red Hat would like to thank CERT/CC for their help in coordinating this issue with other vendors.

CVE - CVE-2002-0059
CVE - CVE-2002-0080
CVE - CVE-2002-0092
Bug 70594 - puzzling png loader crash

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
