ZLIB vulnerability

AthlonRob athlonrobnf@cs.com
Fri Mar 15 21:55:01 2002


Does GnuPG actually include zlib itself, or does it just require you have
zlib on your system, and then utilize that?

I just downloaded and compiled zlib 1.1.4 along with GnuPG yesterday,
assuming GnuPG would use the updated zlib... was I mistaken?


----- Original Message -----
From: "Anton Stiglic" <astiglic@okiok.com>
To: <gnupg-users@gnupg.org>
Sent: Friday, March 15, 2002 11:45 AM
Subject: ZLIB vulnerability


>
> Hi all,
>
> this has maybe already been discussed here, but I haven't seen any mention
> of it on www.gnupg.org.
>
> A colleague of mine pointed out to me that there is a security vulnerability
> with zlib version < 1.1.4.
> GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk.
>
> See
> http://www.gzip.org/zlib/advisory-2002-03-11.txt
>
>
> They suggested replacing older versions of zlib with zlib version 1.1.4,
> I would suggest a new version of GnuPG that comes with zlib v 1.1.4.
>
> --Anton
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>