[oclug] Ugly security hole...
David F. Skoll
dfs at roaringpenguin.com
Mon Mar 11 15:42:50 EST 2002
http://www.linuxsecurity.com/articles/security_sources_article-4582.html
This one's nasty -- a bug in "zlib", which is used all over the place.
Worse, some apps include their own statically-linked version of zlib,
so fixing the system library won't help (rsync, anyone?) Worst of
all, the same bug appears in the kernel -- if you use PPP compression,
you could be vulnerable.
Doh!
Download... compile... install... nosleep...
Regards,
David.
Roaring Penguin Software Inc. | http://www.roaringpenguin.com
GPG fingerprint: C523 771C 3710 0F54 B2D2 4B0D C6EF 6991 34AB 95BA
GPG public key: http://www.roaringpenguin.com/dskoll-key-2002.txt ID: 34AB95BA
More information about the OCLUG
mailing list