Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Pavel Kankovsky (peak@argo.troja.mff.cuni.cz)Date: 03/13/02
- Previous message: tele: "about zlib vulnerability"
- In reply to: helmut g. katzgraber: "Re: [RHSA-2002:026-35] Vulnerability in zlib library"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Mar 2002 21:48:39 +0100 (MET) From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> To: bugtraq@securityfocus.com
On Tue, 12 Mar 2002, helmut g. katzgraber wrote:
> hm... when i look at the rpm list below i notice that redhat
> seems to be doing the same thing they did last time there was a
> big upgrade: issue new kernel rpms, forget about the kernel
> headers. while these might not change, several programs will barf
> if the directory in which the headers are, does not match the
> kernel version.... unless they put the headers now in the
> kernel, which i doubt. a quick check of the 6.2 kernel rpm
> kernel-2.2.19-6.2.15.alpha.rpm shows that
The most interesting thing is that zlib.c has not been touched since
2.2.19-6.2.12. As far as I can tell, the only changes between 6.2.12 and
6.2.15 are two small bugfixes: one for CIPE, another for debug traps (the
latter not mentioned in %changelog...bad RH! no biscuit!).
And to make things even more interesting, one file in the src.rpm,
ipvs-1.0.6-2.2.19.patch, contains a hunk looking a lot like a fix for
some double-free() problem zlib.c. But this patch is not used! They
use ipvs-1.0.8-2.2.19.patch which lacks this particular hunk!
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
- Previous message: tele: "about zlib vulnerability"
- In reply to: helmut g. katzgraber: "Re: [RHSA-2002:026-35] Vulnerability in zlib library"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
