> I have used find-zlib perl script [2] (linked from the zlib homepage [3])
> to find out which programs use statically linked zlib and got the
> following output on "rpm" binary:

But not all programs that make use of zlib are actually vulnerable in a useful way. zlib is only used in RPM for the payload which is only decompressed on package installation. Therefore as far as I can tell this could only be exploited if you are installing a trojan package. There are many easier ways for a trojan package to compromise your system.

Cheers, Mark
--
Mark J Cox / Red Hat / OpenSSL / Apache Software Foundation
mjcat_private // T: +44 798 061 3110 / F: +44 845 333 9533

This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 19:58:57 PST