Conectiva Information for VU#368819

Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures



Vendor Statement

Conectiva Linux supported versions (5.0, 5.1, 6.0, 7.0, ferramentas gráficas and ecoomerce) are affected by the zlib vulnerability. Updates will be sent to our security mailing lists and be available at our ftp site and mirrors. The updates will include a new version of zlib itself and also other packages which include their own version of zlib or are linked statically to the system-wide copy of zlib.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Conectiva has released Conectiva Linux Security Announcements CLSA-2002:469, CLSA-2002:492, and CLSA-2002:493 to address this vulnerability. For more information, please see