Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 02 Jul 2015, 01:42
All times are UTC - 4
 Forum index » House Training » Bugs ( Submit bugs )
zlib security bug
Moderators: Flash, Ian, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message

Joined: 05 May 2005
Posts: 100

PostPosted: Thu 07 Jul 2005, 11:45    Post_subject:  zlib security bug  

I don't know if zlib is used in puppy, but I thought I'd post it:


Gentoo Linux has warned of a serious, unpatched security flaw in zlib, a compression library widely used in Linux and Unix applications. The bug could be exploited to crash any application using zlib, and possibly to run malicious code on a system, security experts warned.

Separately, exploit code has appeared for a flaw affecting older versions of Firefox, increasing the risk of active attacks on the browser.

The bug affects zlib 1.2.2, and no patch is available from the zlib project. However, several Linux and Unix vendors immediately issued their own updates for the library, including Ubuntu, Red Hat, Gentoo, Suse, Debian and FreeBSD.

Tavis Ormandy of Gentoo's security audit team discovered the flaw, which the company said could be exploited remotely. "An attacker could construct a malformed data stream, embedding it within network communication or an application file format, potentially resulting in the execution of arbitrary code when decoded by the application using the zlib library," Gentoo said in an advisory.

Independent security firm Secunia said the bug was due to a boundary error in "inftrees.c" when handling corrupted compressed data streams. Secunia marked the flaw as "highly critical" rating, its second most serious rating.

Zlib 1.2.2 itself replaced version 1.2.1, which was affected by a less-serious bug allowing denial of service attacks. The new bug may also affect versions earlier than 1.2.2.
Back to top
View user's profile Send_private_message 
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Fri 08 Jul 2005, 02:17    Post_subject:  

Puppy seems to have zlib 1.1.4 ... /lib/libz.so.1.1.4
which shouldn't have that bug

though you can install the latest version if you like
i don't know if there would be compatibility problems or not ... i have it installed and haven't noticed any problems so far ... it's about 60k
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » House Training » Bugs ( Submit bugs )
Jump to:  

You cannot attach files in this forum
You can download files in this forum

Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0943s ][ Queries: 11 (0.0064s) ][ GZIP on ]