Note: This is an archival copy of Security Sun Alert 228532 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017430.1.
Solaris 7 Operating System
Date of Workaround Release
Date of Resolved Release
Depending upon how and where the zlib routines are called from an application which links with zlib, the resulting vulnerability may result in a denial of service, information leakage, or execution of arbitrary code.
A large number of free applications and libraries have been identified as using zlib at http://www.gzip.org/zlib/apps.html. Some of this freeware is shipped on the Solaris 8 Software Companion CD.
This issue can occur in the following releases:
107648-02 through 107648-09 or 107078-19 or 108376-01 through 108376-36
107649-02 through 107649-09 or 107079-18 or 108377-01 through 108377-32
Notes 1: The vulnerable OpenWindows library (libz) was introduced into OpenWindows 3.6.1 in the feature patches listed above. Prior to installing the feature patch, OpenWindows 3.6.1 was not vulnerable.
Solaris 7 and earlier is not vulnerable to this issue as the Solaris libz library was not shipped in Solaris 7 and earlier.
Notes 2: The Web download version of GNOME 2.0 for Solaris 8 may install a vulnerable Solaris SUNWzlib package on systems which did not have the SUNWzlib package installed. Solaris 8 systems which were installed with the SUNWCprog, SUNWCuser, or SUNWCreq cluster do not include the SUNWzlib package. To determine which cluster was installed on a Solaris system, execute the following command:
$ cat /var/sadm/system/admin/CLUSTER
To ensure the security vulnerability is resolved, the patches mentioned above must be installed after a GNOME 2.0 installation. Solaris 9 with GNOME 2.0 is not affected.
An application which links with zlib may be able to be killed when handling untrusted zipped input. There are no reliable symptoms to show arbitrary code has been inserted into a running program linked with zlib and executed.
There is no workaround. Please see "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment