Compression bug puts Linux at risk

A bug in a popular compression library shipped with all major Linux distributions could put a majority of the installations of the operating system at risk.

Distributors of the major flavours of Linux, including Red Hat, Suse, Debian and Engarde, have rushed to release advisories on a problem in the Zlib compression library.

The glitch in the code may introduce vulnerabilities into any program that includes the affected library.

"Depending on how and where the Zlib routines are called from the given program, the resulting vulnerability may have one or more of the following impacts: denial of service, information leakage, or execution of arbitrary code," read the warning from the Zlib developers.

The vulnerability exists in the decompression algorithm used by the library. If an attacker is able to pass a specially crafted block of invalid compressed data to a program that includes Zlib, the program's attempt to decompress the crafted data can cause the Zlib routines to corrupt the internal data structures.

Investigators have tracked the bug down to a programming error that causes segments of dynamically allocated memory to be released more than once, an event known as a 'double free'.

"Because this vulnerability interferes with the proper allocation and de-allocation of dynamic memory, it may be possible for an attacker to influence the operation of programs that include Zlib," warned the advisory.

But although, in most circumstances, this influence will be limited to denial of service or information leakage, it is theoretically possible for an attacker to insert arbitrary code into a running program.

"This code would be executed with the permissions of the vulnerable program," the advisory said.

Users are advised to upgrade to version 1.1.4. More details are available here.