[ale] zlib security problem
James P. Kinney III
jkinney at localnetsolutions.com
Mon Mar 11 21:34:43 EST 2002
I never cease to be amazed with the sheer power of Linux!
I downloaded all the rpm's for the zlib upgrade into my RedHat upgrade
directory. Then realized I wanted to do an rpm -F.
rpm -Fvh ``find . -ctime 0 -print| sed s/^.$//`
did the upgrade of the newly grabbed rpm's. Then I wanted to dump them
to my wifes machine and upgrade hers as well.
scp `find . -ctime 0 -print| sed s/^.$//` wifemachine:
and finally the rpm upgrade itself
ssh wifemachine rpm -Fvh `find . -ctime 0 -print| sed s/^.$//`
On Mon, 2002-03-11 at 20:59, Ken Kennedy wrote:
> On Mon, Mar 11, 2002 at 04:42:01PM -0500, jenn at colormaria.com wrote:
>
> > >From what I understand it's a linux-specific zlib problem (zlib runs on may
> > os's but free() is fubar'd on linux. i don't know what any of that means, I
> > just repeat it). So it would affect all linux distros, from what I
> > understand, not just RH.
>
> Correct. There's even a place in the kernel code that's affected,
> according to the RH release. Once you've updated your zlib, apps that
> dynamically link to that library will be ok (after a
> restart). Unfortunately, there are numerous apps running around
> statically linked to a vulerable version of zlib. They'll have to be
> replaced/rebuilt as well.
>
> > Has anyone heard of any non-RPM's that patch this yet?? AFAIK, it hasn't
> > even hit bugtraq yet, which I find odd.
>
> Non-RPM's? You mean non-RPM-based distributions? Well, Debian has
> already released a patch...
>
> --
>
> Ken Kennedy | http://www.kenzoid.com | kenzoid at io.com
--
James P. Kinney III \Changing the mobile computing world/
President and COO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
This is a digitally signed message part
More information about the Ale
mailing list