Security problem with zlib
Johan Wevers
johanw at vulcan.xs4all.nl
Fri Jul 8 09:44:32 CEST 2005
David Shaw wrote:
>If you compile GnuPG on a system that has a zlib, the system zlib is
>used. Your system zlib may or may not be vulnerable to the recent
>problem. If your system zlib is vulnerable, then I strongly recommend
>that you upgrade :)
OK, so I assume GnuPG is exploitable with this bug. I assume it is only
vulnerable when deliberately corrupt data is fed into it, like with a
buffer overflow (I could not determine if the bug is a buffer overflow,
although the description suggested it)?
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users
mailing list