zlib bug
A Guy Called Tyketto
tyketto@wizard.com
Thu Mar 14 23:47:01 2002
--7AUc2qLy4jB3hD7Z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Mar 15, 2002 at 06:10:59PM -0300, Renato Martini wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>=20
>=20
> I read just now the"CERT Advisory CA-2002-07 Double Free Bug in zlib Comp=
ression
> Library" - CA-2002-07, http://www.cert.org/advisories/CA-2002-07.html.
>=20
> The GnuPG uses the zlib library (release 1.1.3), and the
> systems affected are "any software that is linked to
> zlib 1.1.3 or earlier", or "data compression libraries derived from zli=
b 1.1.3 or
> earlier may contain a similar bug".
>=20
>=20
> The gpg is affected by this bug in zlib?
> The zlib library inside the GnuPG package or in the CVS will be changed?
I'm pretty sure Werner is including zlib 1.1.4 into the next releas=
e=20
(it would be safe to assume so, unless he says otherwise), but it would be =
in=20
one's best interest, to uninstall GnuPG, update your zlib, and recompile Gn=
uPG=20
against it. I played it safe and recompiled against zlib 1.1.4, so I know m=
y=20
binaries aren't affected by the bug.
Error on the side of caution, and be paranoid. ;)
BL.
--=20
Brad Littlejohn | Email: tyketto@wizard.com
Unix Systems Administrator, | tyketto@ozemail.com.au
Web + NewsMaster, BOFH.. Smeghead! :) | http://www.wizard.com/~tyketto
PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569 F620 C819 199A E319 F0BF
--7AUc2qLy4jB3hD7Z
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8kSdyyBkZmuMZ8L8RAtgxAKC5vHehrpW20GVwfKP1gko+HATgOwCglAl9
YWJS3ft1pzZZFos4vdAhzPI=
=kULK
-----END PGP SIGNATURE-----
--7AUc2qLy4jB3hD7Z--