Security problem with zlib
David Shaw
dshaw at jabberwocky.com
Thu Jul 7 23:35:12 CEST 2005
On Thu, Jul 07, 2005 at 11:17:48PM +0200, Johan Wevers wrote:
> Hello,
>
> I just read on www.tweakers.net that there was a new security problem
> with zlib. Patches for several OSes are out and the maintainer has
> announced an update. Does this problem has any implication for GnuPG,
> like the previous hole, or is GnuPG safe?
Yes and no.
If you compile GnuPG on a system that has no zlib (or build with
--with-included-zlib), the zlib that is included with the GnuPG
distribution is used. This zlib is NOT vulnerable to the recent
problem.
If you compile GnuPG on a system that has a zlib, the system zlib is
used. Your system zlib may or may not be vulnerable to the recent
problem. If your system zlib is vulnerable, then I strongly recommend
that you upgrade :)
David
More information about the Gnupg-users
mailing list