Bugtraq mailing list archives
Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Tomasz Ostrowski <tometzky () batory org pl>
Date: Wed, 13 Mar 2002 12:04:19 +0100
It seems that RedHat in its "Vulnerability in zlib library" advisory [1] has forgotten to write that a "rpm" program is staticly linked with zlib and needs to be recompiled. I have used find-zlib perl script [2] (linked from the zlib homepage [3]) to find out which programs use staticly linked zlib and got the following output on "rpm" binary: | rpm: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler" | rpm: zlib cplens table, little endian | rpm: zlib cplext table (version 1.0.5 to 1.1.4) [1] http://www.redhat.com/support/errata/RHSA-2002-026.html I think it was never posted to BugTraq [2] http://cert.uni-stuttgart.de/files/fw/find-zlib find-zlib - scan for zlib tables in compiled code Copyright (C) 2002 RUS-CERT, University of Stuttgart. Written by Florian Weimer <Weimer () CERT Uni-Stuttgart DE>. [3] http://www.gzip.org/zlib/ Sorry for my English... -- Best wishes ...although Eating Honey was a very good thing to do, Tometzky there was a moment just before you began to eat it which was better than when you were... Winnie the Pooh
Current thread:
- Re: [RHSA-2002:026-35] Vulnerability in zlib library helmut g. katzgraber (Mar 12)
- Re: [RHSA-2002:026-35] Vulnerability in zlib library Tomasz Ostrowski (Mar 13)
- Re: [RHSA-2002:026-35] Vulnerability in zlib library Mark J Cox (Mar 13)
- Re: [RHSA-2002:026-35] Vulnerability in zlib library Pavel Kankovsky (Mar 14)
- <Possible follow-ups>
- [RHSA-2002:026-35] Vulnerability in zlib library bugzilla (Mar 13)
- Re: [RHSA-2002:026-35] Vulnerability in zlib library Tomasz Ostrowski (Mar 13)