Re: zlib on Solaris?

From: Jan-Philip Velders (jpv@jpv.xs4all.nl)
Date: 03/17/02


Date: Sun, 17 Mar 2002 16:47:45 +0100 (CET)
From: Jan-Philip Velders <jpv@jpv.xs4all.nl>
To: Kalle Andersson <kan@virus112.com>


> Date: Tue, 12 Mar 2002 13:08:52 +0100
> From: Kalle Andersson <kan@virus112.com>
> To: focus-sun@securityfocus.org
> Subject: zlib on Solaris?

> Quick question, any info on if zlib can or can't cause problem on a solaris
> system?
> I haven't been able to find a yes or no on that question, just that the
> problem is primarily on Linux.

uhm... the problem is not Linux based...
a double-free can also be a problem on Solaris...

though the more prudent question is, which programs and/or services
use zlib and tkae untrusted datastreams ?

for example, are you gonna rebuild libpng, or openssl ?

at our site we've decided that stuff like openssl will get rebuild
and/or patched. But 'xv' for example won't... That'll be just
scheduled for "normal" rebuild on update...

> Best Regards

Regards,
JP Velders