Re: security problem fixed in zlib 1.1.4

From: Neil W Rickert (rickert+btat_private)
Date: Mon Mar 11 2002 - 17:13:12 PST

Next message: Darren Reed: "zlib & java"

Previous message: Ahmet Sabri ALPER: "[ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jean-loup Gailly <jloupat_private> wrote:

>Zlib Advisory 2002-03-11
>zlib Compression Library Corrupts malloc Data Structures via Double Free

A quick note.

Checking the source code from ssh.com, it appears that ssh-1.2.33
comes with included zlib-1.0.4, and ssh-3.1.0 comes with included
zlib-1.1.3 .

Possibly both are vulnerable.

With OpenSSH, you supply a separately installed zlib.  Presumably
versions compiled before today, including those built to handle
the channel.c problem may be vulnerable to the zlib problem.

It would be a sensible idea for people who compiled OpenSSH-3.1p1
last week to install the new zlib and rebuild OpenSSH.

 -NWR

Next message: Darren Reed: "zlib & java"
Previous message: Ahmet Sabri ALPER: "[ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 11:10:30 PST