Bugtraq mailing list archives
Re: security problem fixed in zlib 1.1.4
From: Neil W Rickert <rickert+bt () cs niu edu>
Date: Mon, 11 Mar 2002 19:13:12 -0600
Jean-loup Gailly <jloup () gzip org> wrote:
Zlib Advisory 2002-03-11 zlib Compression Library Corrupts malloc Data Structures via Double Free
A quick note. Checking the source code from ssh.com, it appears that ssh-1.2.33 comes with included zlib-1.0.4, and ssh-3.1.0 comes with included zlib-1.1.3 . Possibly both are vulnerable. With OpenSSH, you supply a separately installed zlib. Presumably versions compiled before today, including those built to handle the channel.c problem may be vulnerable to the zlib problem. It would be a sensible idea for people who compiled OpenSSH-3.1p1 last week to install the new zlib and rebuild OpenSSH. -NWR
Current thread:
- security problem fixed in zlib 1.1.4 Jean-loup Gailly (Mar 11)
- Re: security problem fixed in zlib 1.1.4 Neil W Rickert (Mar 12)