[ale] zlib security problem
Ken Kennedy
kkennedy at kenzoid.com
Mon Mar 11 20:59:59 EST 2002
On Mon, Mar 11, 2002 at 04:42:01PM -0500, jenn at colormaria.com wrote:
> From what I understand it's a linux-specific zlib problem (zlib runs on many
> os's but free() is fubar'd on linux. I don't know what any of that means, I
> just repeat it). So it would affect all linux distros, from what I
> understand, not just RH.
Correct. There's even a place in the kernel code that's affected,
according to the RH release. Once you've updated your zlib, apps that
dynamically link to that library will be ok (after a
restart). Unfortunately, there are numerous apps running around
statically linked to a vulnerable version of zlib. They'll have to be
replaced/rebuilt as well.
> Has anyone heard of any non-RPM's that patch this yet?? AFAIK, it hasn't
> even hit bugtraq yet, which I find odd.
Non-RPM's? You mean non-RPM-based distributions? Well, Debian has
already released a patch...
--
Ken Kennedy | http://www.kenzoid.com | kenzoid at io.com
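
Added example, not part of the original message: a Python sketch of the two checks the reply implies, finding binaries that carry their own statically linked zlib (via the banner strings zlib compiles in) and finding running processes that still map the replaced shared library and so need a restart. The sample bytes, the `/proc/<pid>/maps` lines and the `SAMPLE_FIXED` threshold are constructed placeholders; take the real fixed version from your vendor's advisory.

```python
import re

# zlib compiles in banner strings of the form
# " deflate <version> Copyright <years> Jean-loup Gailly ", so a statically
# linked copy can be found, and versioned, by scanning the file's bytes.
ZLIB_BANNER = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+)+)\S* Copyright")

def embedded_zlib_versions(blob: bytes) -> set:
    """Return every zlib version whose banner is embedded in blob."""
    return {m.group(1).decode() for m in ZLIB_BANNER.finditer(blob)}

def version_tuple(version: str) -> tuple:
    """Turn '1.2.11' into (1, 2, 11) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def is_stale_static_copy(blob: bytes, fixed: str) -> bool:
    """True if blob embeds a zlib older than `fixed` (the patched release)."""
    return any(version_tuple(v) < version_tuple(fixed)
               for v in embedded_zlib_versions(blob))

def needs_restart(maps_text: str) -> bool:
    """True if /proc/<pid>/maps text shows a replaced libz still mapped.

    After the package update the old file is unlinked, and Linux marks the
    mapping with a trailing "(deleted)" until the process restarts.
    """
    return any("libz.so" in line and line.rstrip().endswith("(deleted)")
               for line in maps_text.splitlines())

# Constructed sample data (not taken from any real system or advisory).
SAMPLE_STATIC = (b"\x7fELF\x01\x01\x00 deflate 1.0.0 Copyright 1995-1996 "
                 b"Jean-loup Gailly \x00 inflate 1.0.0 Copyright 1995-1996 "
                 b"Mark Adler \x00")
SAMPLE_MAPS = (
    "08048000-080c0000 r-xp 00000000 03:01 4711 /usr/sbin/exampled\n"
    "40017000-40025000 r-xp 00000000 03:01 4712 /usr/lib/libz.so.1 (deleted)\n"
)
SAMPLE_FIXED = "1.0.1"  # placeholder threshold, an assumption for the demo

if __name__ == "__main__":
    print("embedded zlib:", sorted(embedded_zlib_versions(SAMPLE_STATIC)))
    print("rebuild needed:", is_stale_static_copy(SAMPLE_STATIC, SAMPLE_FIXED))
    print("restart needed:", needs_restart(SAMPLE_MAPS))
```

The banner scan also matches the shared `libz.so` file itself, so filter that path out when hunting for static copies.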