Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Mar 12, 2002

  • Red Hat Security Advisory: Vulnerability in zlib library (powertools) (Mar 12, 2002, 01:24)
    "The following details apply to the Powertools distribution only; for packages included with the main Red Hat Linux distribution please see advisory RHSA-2002:026."

  • Red Hat Security Advisory: zlib (Mar 12, 2002, 01:17)
    "Additionally, if you have any programs that you have compiled yourself, you should check to see if they use zlib. If they link to the shared zlib library then they will not be vulnerable once the shared zlib library is updated to the errata package. However, if any programs that decompress arbitrary data statically link to zlib or use their own version of the zlib code internally, then they need to be patched or recompiled."

  • SuSE Security Announcement: packages containing libz/zlib (Mar 12, 2002, 01:13)
    This is the second announcement in the tandem-announcement about libz/zlib: packages that link dynamically against the system-provided compression library and packages that contain the compression library in their own source distribution.

  • SuSE Security Announcement: libz/zlib (Mar 12, 2002, 01:11)
    "An error in a decompression routine can corrupt the internal data structures of malloc by a double call to the free() function. If the data processed by the compression library is provided from an untrusted source, it may be possible for an attacker to interfere with the process using the zlib routines."

  • Debian Security Advisory: zlib, various (Mar 12, 2002, 00:40)
    "The zlib vulnerability is fixed in the Debian zlib package version 1.1.3-5.1. A number of programs either link statically to zlib or include a private copy of zlib code. These programs must also be upgraded to eliminate the zlib vulnerability. The affected packages and fixed versions follow..."