Linux Today: Linux News On Internet Time.

LinuxSecurity.com: Significant Vulnerability [zlib] Afflicts Linux Systems

Mar 11, 2002, 21:12 (10 Talkback[s])

[ Thanks to Ned Ulbricht for this link. ]

"Today in a coordinated effort between all major Linux vendors, a vulnerability in the zlib library was announced, potentially affecting every installed Linux system in existance.

The vulnerability is rooted in the free() function and how it used. Quoting from the EnGarde Secure Linux advisory, "The zlib shared library may attempt to free() a memory region more then once, potentially yielding a system exploitable by certain programs that use it for decompression. Because certain packages include their own zlib implementation or statically link against the system zlib, several packages need to be updated to properly fix this bug."

Complete Story