Sign up for the Mandrake Security Announce list: http://www.linux-mandrake.com/en/flists.php3
--- Michael Riss <[EMAIL PROTECTED]> wrote: > Hello > > it went over several newstickers yesterday, there is > a bug > in zlib-1.1.3. Certain input confuses the memory > management > of zlib, which leads to crashes or worse, might lead > to the > execution of arbitrary code. > > The full description is on: > > http://www.gzip.org/zlib/advisory-2002-03-11.txt > > There is a new version zlib-1.1.4, which fixes this > problem. > Unfortunatly there are some programs, which are > statically linked > to zlib, they have to be recompiled too. > For a list of programs linking to zlib: > > http://www.gzip.org/zlib/apps.html > > Redhat has allready patches, including a patched > kernel > (kernel ppp compression is also using zlib): > > http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html > > This issue might be important enough for 8.2 final, > although > many packages will be touched. Fixing it via patches > leaves a > bad taste, you buy the latest Mandrake and the first > thing to do > is updating a bunch of RPMs. > > I'm writing this here, because I did not see any > postings to this > issue 'til now (maybe I missed something) and the > zlib on my > mirror still is version zlib-1.1.3-19mdk.src.rpm. > > I hope you will find a good solution. > > > cu > Michi > __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/
