"marcus miller" <[EMAIL PROTECTED]> wrote: > I have tried searching the cobalt user archives and can find no reference to > this problem. ( there is a post that comes up but it seems to be some kind > of flame! ) > > There is a new(ish) possible security hole relating to all packages that use > zlib. > > As to not spam this board the full details can be found here: > http://www.kb.cert.org/vuls/id/JPLA-57DKCV > > I would like to know if any of you are...... > a) aware of this
Yes. There were a lot of posts about it on the cobalt lists (among other places) the day it was announced. Check the archives for March 13 or so. > b) concerned by this Yes. > c) aware of a fix Install zlib-1.1.4 and recompile all of the software that uses zlib or grab versions that use the latest zlib. Many programs have versions relying on the latest zlib, others like gnupgp don't - at least not when I recompiled it a few weeks ago, which required modifying the gnupgp source. AFAIK, Cobalt hasn't released a zlib upgrade or patches for software that uses zlib. > I was recently made painfully aware of the errors of not keeping fully > up-to-date with the latest security measures so I would appreciate any > replies. Hundreds of programs use zlib. There's a list on the zlib homepage. I'd take a look and do an inventory of your server and see what's affected. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
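
One way to do the inventory suggested in the reply above, as an added example that is not part of the original message: zlib embeds a version banner in its deflate and inflate code, so files carrying their own copy of the library (including libz itself) can be found by searching for that banner. The function names `version_lt`, `zlib_versions` and `scan_zlib` are hypothetical, and GNU or BSD `grep` with `-a` and `-o` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): find files that embed a copy of zlib.
# zlib's deflate/inflate sources carry a banner such as
#   "deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly"
# so static copies and libz itself can be located by searching for it.

FIXED="1.1.4"   # fixed release named in the thread

# version_lt A B: succeed if dotted version A is older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# zlib_versions FILE: print each distinct embedded zlib version, one per line.
zlib_versions() {
    LC_ALL=C grep -a -o -E '(deflate|inflate) [0-9]+(\.[0-9]+)+ Copyright' "$1" 2>/dev/null |
        awk '{ print $2 }' | sort -u
}

# scan_zlib DIR: print "STATUS VERSION PATH" for every file embedding zlib.
scan_zlib() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        for v in $(zlib_versions "$f"); do
            if version_lt "$v" "$FIXED"; then
                echo "OLD $v $f"    # needs rebuilding against the fixed zlib
            else
                echo "OK $v $f"
            fi
        done
    done
}

# Stand-alone use: sh scan.sh /usr   (the directory argument is required)
if [ "$#" -gt 0 ]; then
    scan_zlib "$1"
fi
```

Files that are compressed or packed will not show the banner, so a clean result for such a file is not conclusive.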
