Hi Barbara, > I may be wrong, but this vulnerability could turn out > to be a biggie... If I'm not mistaken, this effects > not only zlib, but most all of the following (if not > others); > > * Apache > * gd > * libjpeg > * libpng > * libtiff > * python > * perl-Compress-Zlib > * perl-DBD-MySQL > * rpm > * openssh > * popt
Aside from that it most likely also affects the Kernel (Red Hat pointed to a new 2.2.19 Kernel for RedHat 6.2 in their Zlib advisory) and most third party software which uses Zlib. This *can* (but doesn't have to) include PHP-4.1.2 if it has been built with Zlib support (mine always was built with that) and there is talk about OpenSSH possibly being vulnerable to it as well. Although in OpenSSH-3.1 it seems to be hard or unlikely to being exploited as it handles this particular problem in a more graceful fashion. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
