[ale] zlib security problem
jenn at colormaria.com
Mon Mar 11 16:42:01 EST 2002
From what I understand it's a linux-specific zlib problem (zlib runs on many
OSes but free() is fubar'd on linux. I don't know what any of that means, I
just repeat it). So it would affect all linux distros, from what I
understand, not just RH.
Has anyone heard of any non-RPM's that patch this yet?? AFAIK, it hasn't
even hit bugtraq yet, which I find odd.
Very scary stuff.
jenn
> From Slashdot comes distressing news:
>
> "CNET is reporting that there is a buffer overflow problem with zlib
> in linux, which is used for network compression. Supposedly, someone
> could remotely cause a buffer overflow through mozilla, X11 and many
> other programs." The advisory from Red Hat is available.
>
> http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html has
> the advisory and links to the update packages for RedHat. I'm not sure
> if this is RedHat specific (I don't think so), but the security
> implications of hitting a crafted png image on a website and having a
> backdoor inserted is very unnerving.
> --
> James P. Kinney III \Changing the mobile computing world/
> President and COO \ one Linux user /
> Local Net Solutions,LLC \ at a time. /
> 770-493-8244 \.___________________________./
>
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.