> What do you think about this ? > http://news.com.com/2100-1001-857008.html
Gerard: A fix is already available at http://www.gzip.org/zlib/ in version 1.1.4 of zlib. To quote CERT's review of the problem: Vulnerability Note VU#368819 Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures Overview There is a bug in the zlib compression library that may manifest itself as a vulnerability in programs that are linked with zlib. This may allow an attacker to conduct a denial-of-service attack, gather information, or execute arbitrary code. It is important to note that the CERT/CC has not received any reports of exploitation of this bug. Based on the information available to us at this time, it is difficult to determine whether this bug can be successfully exploited. However, given the widespread deployment of zlib, we have published this document as a preventative measure. Regards, Jim Elliott - Linux Advocate, IBM Canada
