Greetings!

As was announced today, there is a vulnerability in the zlib decompression algorithm in which memory is deallocated twice, which leads to a potential exploit when compressed data is organized in a special form. Look at http://www.linuxsecurity.com/articles/security_sources_article-4582.html for some details.

Midgard utilizes Zlib in its replication utility, Repligard, as the default compression format. We link to it dynamically. Thus, on systems with a vulnerable zlib, Midgard installations are also vulnerable, and an exploiter could gain the privileges under which the repligard binary is running. This is not as serious as the same bug in the kernel's PPP code, X11, or Mozilla, but don't underestimate it.

There is nothing we could do to fix this. Please use updated packages for Zlib from your vendor. Once an updated Zlib is installed, Repligard will no longer be vulnerable.

This vulnerability was found at the very end of January 2002, and most Linux distributions have already fixed the problem in the testing branches of their distributions, so if you're using Debian Unstable, Mandrake Cooker, PLD, Rawhide, or ALT Linux Sisyphus, you're safe.

The official announcement was planned for today and it is now under way, with different vendors releasing it around the globe. I haven't yet seen security updates from RedHat, SuSE, Mandrake or Debian.

Security alerts and updates for ALT Linux and EnGarde Secure Linux are available:

EnGarde Secure Linux: http://www.linuxsecurity.com/advisories/other_advisory-1960.html
ALT Linux (in Russian): http://altlinux.ru/pipermail/security-announce/2002-March/000030.html

--
/ Alexander Bokovoy
Software architect and analyst // SaM-Solutions Ltd.
---
Include me out.
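The message above relies on Repligard picking up zlib as a shared library, so that a vendor zlib update covers it without a rebuild. The following is an added example, not part of the original message or of Midgard's code: a shell check that classifies `ldd`-style output for a binary. The function names and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical/constructed.
# Reads `ldd`-style output on stdin and reports how the binary gets zlib:
#   dynamic <path> - shared libz resolved; updating the vendor zlib package
#                    also fixes this binary
#   missing        - libz is required but the loader cannot find it
#   none           - no shared libz: zlib is unused or linked statically, and
#                    a static copy is NOT fixed by a system library update
zlib_link_status() {
    awk '
        $1 ~ /^libz\.so(\.[0-9]+)*$/ {
            if ($3 == "not" && $4 == "found") { print "missing"; found = 1; exit }
            if ($2 == "=>" && $3 ~ /^\//)     { print "dynamic " $3; found = 1; exit }
        }
        END { if (!found) print "none" }
    '
}

# Convenience wrapper for a real binary (path supplied by the caller).
# Run ldd only on binaries you trust: it may invoke the program's loader.
check_binary() {
    ldd "$1" 2>/dev/null | zlib_link_status
}

# Constructed sample inputs in the format printed by ldd.
SAMPLE_DYNAMIC='	libz.so.1 => /usr/lib/libz.so.1 (0x40021000)
	libc.so.6 => /lib/libc.so.6 (0x40030000)'
SAMPLE_MISSING='	libz.so.1 => not found
	libc.so.6 => /lib/libc.so.6 (0x40030000)'
SAMPLE_NO_SHARED_ZLIB='	libc.so.6 => /lib/libc.so.6 (0x40030000)'

# Demonstration on the constructed samples.
for sample in "$SAMPLE_DYNAMIC" "$SAMPLE_MISSING" "$SAMPLE_NO_SHARED_ZLIB"; do
    printf '%s\n' "$sample" | zlib_link_status
done
```

For a `dynamic` result, the reported path identifies the library file whose owning package needs the vendor update.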
