Home page logo

bugtraq logo Bugtraq mailing list archives

Re: security problem fixed in zlib 1.1.4
From: Neil W Rickert <rickert+bt () cs niu edu>
Date: Mon, 11 Mar 2002 19:13:12 -0600

Jean-loup Gailly <jloup () gzip org> wrote:

Zlib Advisory 2002-03-11
zlib Compression Library Corrupts malloc Data Structures via Double Free

A quick note.

Checking the source code from ssh.com, it appears that ssh-1.2.33
comes with included zlib-1.0.4, and ssh-3.1.0 comes with included
zlib-1.1.3 .

Possibly both are vulnerable.

With OpenSSH, you supply a separately installed zlib.  Presumably
versions compiled before today, including those built to handle
the channel.c problem may be vulnerable to the zlib problem.

It would be a sensible idea for people who compiled OpenSSH-3.1p1
last week to install the new zlib and rebuild OpenSSH.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]