Hello it went over several newstickers yesterday, there is a bug in zlib-1.1.3. Certain input confuses the memory management of zlib, which leads to crashes or worse, might lead to the execution of arbitrary code.
The full description is on: http://www.gzip.org/zlib/advisory-2002-03-11.txt There is a new version zlib-1.1.4, which fixes this problem. Unfortunatly there are some programs, which are statically linked to zlib, they have to be recompiled too. For a list of programs linking to zlib: http://www.gzip.org/zlib/apps.html Redhat has allready patches, including a patched kernel (kernel ppp compression is also using zlib): http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html This issue might be important enough for 8.2 final, although many packages will be touched. Fixing it via patches leaves a bad taste, you buy the latest Mandrake and the first thing to do is updating a bunch of RPMs. I'm writing this here, because I did not see any postings to this issue 'til now (maybe I missed something) and the zlib on my mirror still is version zlib-1.1.3-19mdk.src.rpm. I hope you will find a good solution. cu Michi
