Patch-ID# 115754-02 Keywords: security zlib zip buffer overflow gzprintf Synopsis: SunOS 5.9: zlib security Patch Date: Oct/21/2003 Install Requirements: None Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 115755 Topic: SunOS 5.9: zlib security Patch Relevant Architectures: sparc BugId's fixed with this patch: 4822658 4870078 Changes incorporated in this version: 4822658 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/include/zconf.h /usr/include/zlib.h /usr/lib/libz.so.1 /usr/lib/llib-lz /usr/lib/llib-lz.ln /usr/lib/sparcv9/libz.so.1 /usr/lib/sparcv9/llib-lz.ln /usr/share/src/zlib/ChangeLog /usr/share/src/zlib/FAQ /usr/share/src/zlib/INDEX /usr/share/src/zlib/Make_vms.com /usr/share/src/zlib/Makefile /usr/share/src/zlib/Makefile.in /usr/share/src/zlib/Makefile.riscos /usr/share/src/zlib/README /usr/share/src/zlib/README.sfw /usr/share/src/zlib/adler32.c /usr/share/src/zlib/algorithm.txt /usr/share/src/zlib/amiga/Makefile.pup /usr/share/src/zlib/amiga/Makefile.sas /usr/share/src/zlib/compress.c /usr/share/src/zlib/configure /usr/share/src/zlib/contrib/README.contrib /usr/share/src/zlib/contrib/asm386/gvmat32.asm /usr/share/src/zlib/contrib/asm386/gvmat32c.c /usr/share/src/zlib/contrib/asm386/mkgvmt32.bat /usr/share/src/zlib/contrib/asm386/zlibvc.def /usr/share/src/zlib/contrib/asm386/zlibvc.dsp /usr/share/src/zlib/contrib/asm386/zlibvc.dsw /usr/share/src/zlib/contrib/asm586/README.586 /usr/share/src/zlib/contrib/asm586/match.S /usr/share/src/zlib/contrib/asm686/README.686 /usr/share/src/zlib/contrib/asm686/match.S /usr/share/src/zlib/contrib/delphi/zlib.mak /usr/share/src/zlib/contrib/delphi/zlibdef.pas /usr/share/src/zlib/contrib/delphi2/d_zlib.bpr /usr/share/src/zlib/contrib/delphi2/d_zlib.cpp /usr/share/src/zlib/contrib/delphi2/readme.txt /usr/share/src/zlib/contrib/delphi2/zlib.bpg /usr/share/src/zlib/contrib/delphi2/zlib.bpr /usr/share/src/zlib/contrib/delphi2/zlib.cpp /usr/share/src/zlib/contrib/delphi2/zlib.pas /usr/share/src/zlib/contrib/delphi2/zlib32.bpr /usr/share/src/zlib/contrib/delphi2/zlib32.cpp /usr/share/src/zlib/contrib/iostream/test.cpp /usr/share/src/zlib/contrib/iostream/zfstream.cpp /usr/share/src/zlib/contrib/iostream/zfstream.h /usr/share/src/zlib/contrib/iostream2/zstream.h /usr/share/src/zlib/contrib/iostream2/zstream_test.cpp /usr/share/src/zlib/contrib/minizip/ChangeLogUnzip /usr/share/src/zlib/contrib/minizip/Makefile /usr/share/src/zlib/contrib/minizip/miniunz.c /usr/share/src/zlib/contrib/minizip/minizip.c /usr/share/src/zlib/contrib/minizip/readme.txt /usr/share/src/zlib/contrib/minizip/unzip.c /usr/share/src/zlib/contrib/minizip/unzip.def /usr/share/src/zlib/contrib/minizip/unzip.h /usr/share/src/zlib/contrib/minizip/zip.c /usr/share/src/zlib/contrib/minizip/zip.def /usr/share/src/zlib/contrib/minizip/zip.h /usr/share/src/zlib/contrib/minizip/zlibvc.def /usr/share/src/zlib/contrib/minizip/zlibvc.dsp /usr/share/src/zlib/contrib/minizip/zlibvc.dsw /usr/share/src/zlib/contrib/untgz/Makefile /usr/share/src/zlib/contrib/untgz/makefile.w32 /usr/share/src/zlib/contrib/untgz/untgz.c /usr/share/src/zlib/contrib/visual-basic.txt /usr/share/src/zlib/crc32.c /usr/share/src/zlib/deflate.c /usr/share/src/zlib/deflate.h /usr/share/src/zlib/descrip.mms /usr/share/src/zlib/example.c /usr/share/src/zlib/gzio.c /usr/share/src/zlib/infblock.c /usr/share/src/zlib/infblock.h /usr/share/src/zlib/infcodes.c /usr/share/src/zlib/infcodes.h /usr/share/src/zlib/inffast.c /usr/share/src/zlib/inffast.h /usr/share/src/zlib/inffixed.h /usr/share/src/zlib/inflate.c /usr/share/src/zlib/inftrees.c /usr/share/src/zlib/inftrees.h /usr/share/src/zlib/infutil.c /usr/share/src/zlib/infutil.h /usr/share/src/zlib/maketree.c /usr/share/src/zlib/minigzip.c /usr/share/src/zlib/msdos/Makefile.b32 /usr/share/src/zlib/msdos/Makefile.bor /usr/share/src/zlib/msdos/Makefile.dj2 /usr/share/src/zlib/msdos/Makefile.emx /usr/share/src/zlib/msdos/Makefile.msc /usr/share/src/zlib/msdos/Makefile.tc /usr/share/src/zlib/msdos/Makefile.w32 /usr/share/src/zlib/msdos/Makefile.wat /usr/share/src/zlib/msdos/zlib.def /usr/share/src/zlib/msdos/zlib.rc /usr/share/src/zlib/nt/Makefile.emx /usr/share/src/zlib/nt/Makefile.gcc /usr/share/src/zlib/nt/Makefile.nt /usr/share/src/zlib/nt/zlib.dnt /usr/share/src/zlib/os2/Makefile.os2 /usr/share/src/zlib/os2/zlib.def /usr/share/src/zlib/trees.c /usr/share/src/zlib/trees.h /usr/share/src/zlib/uncompr.c /usr/share/src/zlib/zconf.h /usr/share/src/zlib/zlib.3 /usr/share/src/zlib/zlib.h /usr/share/src/zlib/zlib.html /usr/share/src/zlib/zutil.c /usr/share/src/zlib/zutil.h Problem Description: 4822658 buffer overrun in zlib 1.1.4 security (Note the change for this issue in 115754-01 was not complete) (from 115754-01) 4822658 buffer overrun in zlib 1.1.4 security 4870078 Solaris zlib version is out of date: needs to patch security vulnerability Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: To get the complete zlib man pages support, one needs to install the following patch: 114014-06 (or newer) libxml, libxslt and Freeware man pages patch README -- Last modified date: Tuesday, October 21, 2003