|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tomasz Ostrowski (tometzky
batory.org.pl)Date: Wed Mar 13 2002 - 05:04:19 CST
It seems that RedHat in its "Vulnerability in zlib library" advisory [1]
has forgotten to write that a "rpm" program is staticly linked with zlib
and needs to be recompiled.
I have used find-zlib perl script [2] (linked from the zlib homepage [3])
to find out which programs use staticly linked zlib and got the
following output on "rpm" binary:
| rpm: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
| rpm: zlib cplens table, little endian
| rpm: zlib cplext table (version 1.0.5 to 1.1.4)
[1] http://www.redhat.com/support/errata/RHSA-2002-026.html
I think it was never posted to BugTraq
[2] http://cert.uni-stuttgart.de/files/fw/find-zlib
find-zlib - scan for zlib tables in compiled code
Copyright (C) 2002 RUS-CERT, University of Stuttgart.
Written by Florian Weimer <WeimerCERT.Uni-Stuttgart.DE>.
Sorry for my English...
--
Best wishes ...although Eating Honey was a very good thing to do,
Tometzky there was a moment just before you began to eat it
which was better than when you were...
Winnie the Pooh
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]