[ale] zlib security problem

jenn at colormaria.com
Mon Mar 11 16:42:01 EST 2002


From what I understand it's a linux-specific zlib problem (zlib runs on many
OSes but free() is fubar'd on linux.  I don't know what any of that means, I
just repeat it).  So it would affect all linux distros, from what I
understand, not just RH.

Has anyone heard of any non-RPM's that patch this yet??  AFAIK, it hasn't
even hit bugtraq yet, which I find odd.

Very scary stuff.

jenn

> From slashdot comes distressing news:
> 
>  "CNET is reporting that there is a buffer overflow problem with zlib
> in linux, which is used for network compression. Supposedly, someone
> could remotely cause a buffer overflow through mozilla, X11 and many
> other programs." The advisory from Red Hat is available.
> 
> http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html has
> the advisory and links to the update packages for RedHat. I'm not sure
> if this is RedHat specific (I don't think so), but the security
> implications of hitting a crafted png image on a website and having a
> backdoor inserted are very unnerving.
> -- 
> James P. Kinney III   \Changing the mobile computing world/
> President and COO      \          one Linux user         /
> Local Net Solutions,LLC \           at a time.          /
> 770-493-8244             \.___________________________./
> 
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.





