[ale] zlib security problem

James P. Kinney III jkinney at localnetsolutions.com
Mon Mar 11 21:34:43 EST 2002


I never cease to be amazed with the sheer power of Linux!
I downloaded all the rpm's for the zlib upgrade into my RedHat upgrade
directory. Then realized I wanted to do an rpm -F.

rpm -Fvh `find . -ctime 0 -print| sed s/^.$//`

did the upgrade of the newly grabbed rpm's. Then I wanted to dump them
to my wife's machine and upgrade hers as well.

scp `find . -ctime 0 -print| sed s/^.$//` wifemachine:

and finally the rpm upgrade itself

ssh wifemachine rpm -Fvh `find . -ctime 0 -print| sed s/^.$//`



On Mon, 2002-03-11 at 20:59, Ken Kennedy wrote:
> On Mon, Mar 11, 2002 at 04:42:01PM -0500, jenn at colormaria.com wrote:
> 
> > From what I understand it's a linux-specific zlib problem (zlib runs on many
> > os's but free() is fubar'd on linux.  i don't know what any of that means, I
> > just repeat it).  So it would affect all linux distros, from what I
> > understand, not just RH.
> 
> Correct. There's even a place in the kernel code that's affected,
> according to the RH release. Once you've updated your zlib, apps that
> dynamically link to that library will be ok (after a
> restart). Unfortunately, there are numerous apps running around
> statically linked to a vulnerable version of zlib. They'll have to be
> replaced/rebuilt as well. 
>  
> > Has anyone heard of any non-RPM's that patch this yet??  AFAIK, it hasn't
> > even hit bugtraq yet, which I find odd.
> 
> Non-RPM's? You mean non-RPM-based distributions? Well, Debian has
> already released a patch...
> 
> -- 
> 
> Ken Kennedy	| http://www.kenzoid.com	| kenzoid at io.com
-- 
James P. Kinney III   \Changing the mobile computing world/
President and COO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
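
The point in the quoted reply above, that dynamically linked programs are only fixed after a restart, can be checked on a Linux host once the new zlib package is installed. The script below is an added example and not part of the original thread; the function names, the sample process tree and its paths are constructed, and it assumes a Linux `/proc` where a replaced library file appears in a process's `maps` with a `(deleted)` suffix.

```shell
#!/bin/sh
# Added example: find processes still running on the pre-upgrade libz.
# After the package manager replaces the library file, a process that loaded
# the old copy shows it in /proc/PID/maps with a trailing "(deleted)".
# Statically linked binaries never show up here; they need a rebuild.

# stale_zlib_in_maps FILE: exit 0 if maps-format FILE has a deleted libz mapping
stale_zlib_in_maps() {
    awk '
        # $6 is the mapped path, $7 the "(deleted)" marker when present
        $6 ~ "/libz\\.so[^/]*$" && $7 == "(deleted)" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# scan_procs [PROCROOT]: print "PID NAME" for each process with a stale libz
scan_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_zlib_in_maps "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done
}

# make_sample_root: build a constructed two-process /proc-like tree for a demo
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202"
    echo sshd > "$d/101/comm"
    echo crond > "$d/202/comm"
    cat > "$d/101/maps" <<'EOF'
08048000-0807a000 r-xp 00000000 03:01 4102 /usr/sbin/sshd
40018000-40024000 r-xp 00000000 03:01 9931 /usr/lib/libz.so.1 (deleted)
EOF
    cat > "$d/202/maps" <<'EOF'
08048000-0804e000 r-xp 00000000 03:01 4220 /usr/sbin/crond
40018000-40025000 r-xp 00000000 03:01 9987 /usr/lib/libz.so.1
EOF
    echo "$d"
}

# Default to the constructed sample; pass /proc to scan the real system.
scan_procs "${1:-$(make_sample_root)}"
```

Run it with `/proc` as the argument (as root, so every process's `maps` is readable) after the upgrade; each process it lists still has the old library loaded and needs a restart.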
