Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Wed, 13 Mar 2002 21:48:39 +0100 (MET)

On Tue, 12 Mar 2002, helmut g. katzgraber wrote:

hm... when i look at the rpm list below i notice that redhat 
seems to be doing the same thing they did last time there was a 
big upgrade: issue new kernel rpms, forget about the kernel 
headers. while these might not change, several programs will barf 
if the directory in which the headers are, does not match the 
kernel version.... unless they put the headers now in the 
kernel, which i doubt. a quick check of the 6.2 kernel rpm
kernel-2.2.19-6.2.15.alpha.rpm shows that

The most interesting thing is that zlib.c has not been touched since
2.2.19-6.2.12. As far as I can tell, the only changes between 6.2.12 and
6.2.15 are two small bugfixes: one for CIPE, another for debug traps (the
latter not mentioned in %changelog...bad RH! no biscuit!).

And to make things even more interesting, one file in the src.rpm,
ipvs-1.0.6-2.2.19.patch, contains a hunk looking a lot like a fix for
some double-free() problem zlib.c. But this patch is not used! They
use ipvs-1.0.8-2.2.19.patch which lacks this particular hunk!

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]