Bugtraq mailing list archives
Re: [RHSA-2002:026-35] Vulnerability in zlib library
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Wed, 13 Mar 2002 21:48:39 +0100 (MET)
On Tue, 12 Mar 2002, helmut g. katzgraber wrote:
hm... when i look at the rpm list below i notice that redhat seems to be doing the same thing they did last time there was a big upgrade: issue new kernel rpms, forget about the kernel headers. while these might not change, several programs will barf if the directory in which the headers are, does not match the kernel version.... unless they put the headers now in the kernel, which i doubt. a quick check of the 6.2 kernel rpm kernel-2.2.19-6.2.15.alpha.rpm shows that
The most interesting thing is that zlib.c has not been touched since 2.2.19-6.2.12. As far as I can tell, the only changes between 6.2.12 and 6.2.15 are two small bugfixes: one for CIPE, another for debug traps (the latter not mentioned in %changelog...bad RH! no biscuit!).

And to make things even more interesting, one file in the src.rpm, ipvs-1.0.6-2.2.19.patch, contains a hunk looking a lot like a fix for some double-free() problem in zlib.c. But this patch is not used! They use ipvs-1.0.8-2.2.19.patch which lacks this particular hunk!

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
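Added example, not part of the original post and not Red Hat's tooling: a check for the situation described above, where a patch file ships in a src.rpm but is never applied during the build. The spec fragment is constructed; only the two ipvs patch file names come from the post, and the check assumes classic `PatchN:` / `%patchN` spec syntax (no `%autosetup` or `%autopatch`).

```python
import re

# Constructed spec fragment (not the real kernel spec). Only the two ipvs
# patch file names are taken from the post; everything else is made up.
SAMPLE_SPEC = """\
Name: kernel
Source0: linux-2.2.19.tar.gz
Patch10: ipvs-1.0.6-2.2.19.patch
Patch11: ipvs-1.0.8-2.2.19.patch
Patch20: example-cipe-fix.patch

%prep
%setup -q
%patch11 -p1
%patch -P 20 -p1
"""

# "PatchN: file" declarations; a bare "Patch:" means patch number 0.
DECL = re.compile(r"^Patch(\d*)\s*:\s*(\S+)", re.I | re.M)
# "%patchN" form (number glued to the macro name).
APPLY_SUFFIX = re.compile(r"^\s*%patch(\d+)\b", re.M)
# "%patch ..." form, where numbers are given with -P (or default to 0).
APPLY_LINE = re.compile(r"^\s*%patch\b(.*)$", re.M)


def unapplied_patches(spec_text):
    """Return {number: filename} for patches declared but never applied."""
    declared = {int(n or 0): f for n, f in DECL.findall(spec_text)}
    applied = {int(n) for n in APPLY_SUFFIX.findall(spec_text)}
    for args in APPLY_LINE.findall(spec_text):
        nums = re.findall(r"-P\s*(\d+)", args)  # -p1 (strip level) is not -P
        if nums:
            applied.update(int(n) for n in nums)
        else:
            applied.add(0)
    return {n: f for n, f in sorted(declared.items()) if n not in applied}


if __name__ == "__main__":
    for num, name in unapplied_patches(SAMPLE_SPEC).items():
        print(f"Patch{num} ({name}) is shipped but never applied")
```

A patch flagged this way still has to be compared hunk by hunk against the patches that are applied, since a later patch may or may not carry the same fix.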