Dear list members:

Does anyone know about the Gentoo Linux security advisory labeled «GLSA 200507-05 / zlib»?

(More information can be found at http://www.gentoo.org/security/en/glsa/glsa-200507-05.xml )

The problem is a buffer overflow in zlib that permits the execution of arbitrary code on a machine running a version of zlib lower than 1.2.2-r1 (LFS 5.1.1 and LFS-6.0 compile Zlib-1.2.1).

The homepage of zlib (http://www.zlib.net) says nothing about this problem or about a patch for it. When the patch or the new version is accessible, it will be easy to install it (see page 6.16 in LFS-6.0 and Chapter 6 in LFS 5.1.1).

The question is:

The zlib library is compiled in static and shared forms. Once it is updated, the shared version will be accessible immediately. But the programs compiled against the static version of this library will remain with the old (and vulnerable) version of the zlib library and must be recompiled. So which are the programs of LFS and BLFS that have been compiled against the static version of the zlib library?

Thanks a lot in advance.

José Carlos Carrión Plaza
Universidad de Murcia
Murcia-España
--
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
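
One way to answer the question above, as an added example that is not part of the original post: zlib's inflate and deflate code carries a copyright string that includes the version number, so an ELF file other than libz itself that contains that string has its own copy of zlib linked in. The function names and default directories are choices made for this example, and the string match is a heuristic.

```python
import os
import re
import sys

# zlib embeds markers such as " inflate 1.2.1 Copyright 1995-2003 Mark Adler "
# and " deflate 1.2.1 Copyright 1995-2003 Jean-loup Gailly " in its objects.
ZLIB_MARK = re.compile(rb" (?:inflate|deflate) (\d+(?:\.\d+){1,3}) Copyright")

def embedded_zlib(data):
    """Return the sorted zlib versions whose marker appears in an ELF image."""
    if not data.startswith(b"\x7fELF"):
        return []
    return sorted({m.group(1).decode() for m in ZLIB_MARK.finditer(data)})

def classify(path, data):
    """Return (path, versions) for a file carrying its own zlib copy, else None."""
    if os.path.basename(path).startswith("libz."):
        return None  # the shared or static library itself, updated separately
    versions = embedded_zlib(data)
    return (path, versions) if versions else None

def scan(roots):
    """Walk the given directories and collect files with an embedded zlib."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                try:
                    with open(path, "rb") as fh:
                        hit = classify(path, fh.read())
                except OSError:
                    continue  # unreadable file: skip it
                if hit:
                    hits.append(hit)
    return sorted(hits)

if __name__ == "__main__":
    # Default directories are an assumption; pass others on the command line.
    for path, versions in scan(sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/lib"]):
        print(path, ",".join(versions))
```

Programs that only link the shared library do not contain the marker and are not listed; every file that is listed has to be rebuilt after zlib is updated.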
