
Re: [cobalt-security] Double Free Bug in ZLIB Compression Library



Hi Barbara,

> I may be wrong, but this vulnerability could turn out
> to be a biggie... If I'm not mistaken, this affects
> not only zlib, but most all of the following (if not
> others);
>
> * Apache
> * gd
> * libjpeg
> * libpng
> * libtiff
> * python
> * perl-Compress-Zlib
> * perl-DBD-MySQL
> * rpm
> * openssh
> * popt

Aside from that, it most likely also affects the Kernel (Red Hat pointed to a
new 2.2.19 Kernel for RedHat 6.2 in their Zlib advisory) and most third-party
software which uses Zlib. This *can* (but doesn't have to) include PHP-4.1.2
if it has been built with Zlib support (mine always was built with that) and
there is talk about OpenSSH possibly being vulnerable to it as well, although
in OpenSSH-3.1 it seems to be hard or unlikely to be exploited, as it
handles this particular problem in a more graceful fashion.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer