Puppy Linux Discussion Forum
zlib security bug
Mathiasdm

Posted: Thu 07 Jul 2005, 11:45    Post subject: zlib security bug

I don't know if zlib is used in puppy, but I thought I'd post it:

http://www.techworld.com/security/news/index.cfm?NewsID=3994

Gentoo Linux has warned of a serious, unpatched security flaw in zlib, a compression library widely used in Linux and Unix applications. The bug could be exploited to crash any application using zlib, and possibly to run malicious code on a system, security experts warned.

Separately, exploit code has appeared for a flaw affecting older versions of Firefox, increasing the risk of active attacks on the browser.

The bug affects zlib 1.2.2, and no patch is available from the zlib project. However, several Linux and Unix vendors immediately issued their own updates for the library, including Ubuntu, Red Hat, Gentoo, Suse, Debian and FreeBSD.

Tavis Ormandy of Gentoo's security audit team discovered the flaw, which the company said could be exploited remotely. "An attacker could construct a malformed data stream, embedding it within network communication or an application file format, potentially resulting in the execution of arbitrary code when decoded by the application using the zlib library," Gentoo said in an advisory.

Independent security firm Secunia said the bug was due to a boundary error in "inftrees.c" when handling corrupted compressed data streams. Secunia gave the flaw a "highly critical" rating, its second most serious rating.

Zlib 1.2.2 itself replaced version 1.2.1, which was affected by a less-serious bug allowing denial of service attacks. The new bug may also affect versions earlier than 1.2.2.
GuestToo

Posted: Fri 08 Jul 2005, 02:17

Puppy seems to have zlib 1.1.4 ... /lib/libz.so.1.1.4
which shouldn't have that bug

though you can install the latest version if you like
i don't know if there would be compatibility problems or not ... i have it installed and haven't noticed any problems so far ... it's about 60k