Red Hat Inc. Information for VU#368819

Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures

Status

Affected

Vendor Statement

Red Hat Linux ships with a zlib library that is vulnerable to this issue. Although most packages in Red Hat Linux use the shared zlib library we have identified a number of packages that either statically link to zlib or contain an internal version of the zlib code.

Updates to zlib and these packages as well as our advisory note are available from the following URL. Users of the Red Hat Network can use the up2date tool to automatically upgrade their systems.


Red Hat would like to thank CERT/CC for their help in coordinating this issue with other vendors.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Red Hat has published information regarding this vulnerability at the following locations: