Hewlett-Packard Company Information for VU#368819
Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures
- Date Notified: 22 Feb 2002
- Statement Date:
- Date Updated: 24 Jan 2003
Some HP-UX software (for example, X and lbxproxy) is linked with the 1.0.8 version of zlib. This version came before the introduction of the reported double free problem and is not vulnerable.
Other HP-UX software (for example, OpenSSH) is linked with the latest zlib (1.1.4) and is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
HP has published multiple HP Security Bulletins to address this issue:
- HPSBTL0204-037 Security vulnerability in audit subsystem
- HPSBTL0204-036 Security vulnerabilities in the kernel
- HPSBTL0204-030 Security vulnerability in zlib library
- HPSBTL0203-029 Security vulnerability in openssh-clients
- HPSBUX0211-0226 SSRT2146 Java Zlib compression libraries bug
For further information, please visit http://itrc.hp.com and search for the appropriate reference number. Please note that registration may be required to access these documents.