Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Tomasz Ostrowski <tometzky () batory org pl>
Date: Wed, 13 Mar 2002 12:04:19 +0100

It seems that RedHat in its "Vulnerability in zlib library" advisory [1]
has forgotten to write that a "rpm" program is staticly linked with zlib
and needs to be recompiled.

I have used find-zlib perl script [2] (linked from the zlib homepage [3])
to find out which programs use staticly linked zlib and got the
following output on "rpm" binary:

| rpm: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
| rpm: zlib cplens table, little endian
| rpm: zlib cplext table (version 1.0.5 to 1.1.4)

[1] http://www.redhat.com/support/errata/RHSA-2002-026.html
        I think it was never posted to BugTraq

[2] http://cert.uni-stuttgart.de/files/fw/find-zlib
        find-zlib - scan for zlib tables in compiled code
        Copyright (C) 2002 RUS-CERT, University of Stuttgart.
        Written by Florian Weimer <Weimer () CERT Uni-Stuttgart DE>.

[3] http://www.gzip.org/zlib/

Sorry for my English...

Best wishes     ...although Eating Honey was a very good thing to do,
Tometzky        there was a moment just before you began to eat it
                which was better than when you were...
                                                      Winnie the Pooh

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]