Normally the FlightGear project isn't affected by or concerned with
various platform security problems or viruses, and because FlightGear
shouldn't need to be run suid root, typical security issues shouldn't
affect us.
However, a bug has been found in zlib-1.1.3 (which is distributed as a
convenience with SimGear.) Zlib-1.1.4 has been released to address
this security problem:
http://www.gzip.org/zlib/advisory-2002-03-11.txt
I have upgraded the zlib package in simgear's cvs repository and
future versions of SimGear will ship with at least zlib-1.1.4.
Most Linux/Unix/Cygwin people will likely want to install an updated
package from their OS 'vender' ... i.e. an .rpm, .deb, or .tar.gz as
soon as one becomes available.
People who have built and installed zlib-1.1.3 from SimGear for the
sole purpose of building FlightGear should have little to worry about,
but just to be safe, it wouldn't be a bad idea to upgrade your version
of zlib and rebuild simgear and flightgear (and any other applications
that you might have built against the older version of zlib.)
Again, this problem really doesn't affect flightgear/simgear/terragear
directly, but because zlib-1.1.3 adds a potential security hole to
security sensitive applications (i.e. network daemons, web servers,
etc.) I want to make sure the version we distribute is the latest.
Regards,
Curt.
--
Curtis Olson IVLab / HumanFIRST Program FlightGear Project
Twin Cities [EMAIL PROTECTED] [EMAIL PROTECTED]
Minnesota http://www.menet.umn.edu/~curt http://www.flightgear.org
_______________________________________________
Flightgear-devel mailing list
[EMAIL PROTECTED]
http://mail.flightgear.org/mailman/listinfo/flightgear-devel
