Welcome to WebmasterWorld Guest from 54.242.231.210

Forum Moderators: bakedjake

Message Too Old, No Replies

Linux kernel, Netscape affected by major zlib security vulnerability

New security problem uncovered

     
12:41 am on Mar 12, 2002 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 8, 2001
posts:493
votes: 0


Here is the url explaining it.
[newsforge.com...]
12:57 am on Mar 12, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 17, 2000
posts:2924
votes: 0


The latest version of zlib (1.1.4) has the fix for applications that are dynamically linked. You could get it here [gzip.org]. I'll post when I come across some rpms with the fix.
5:41 am on Mar 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 17, 2000
posts:2924
votes: 0


Looks like Microsoft is also using zlib in some of there applications. Zlib is licensed under the BSD so they are within their legal rights to use the code.

The folks who maintain this code are doing a superb job at addressing this vulnerable. Check out:
[gzip.org...]

You'll find a list of programs that use zlib, and they wrote some scripts that will help you find the statically linked binaries.

So far there is just a source rpm available at rpmfind [rpmfind.net], I'm sure the binaries will be out soon.

6:14 am on Mar 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member littleman is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 17, 2000
posts:2924
votes: 0


Mandrake has a list of recompiled rpms with the security updates here [linux-mandrake.com]
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members