Security problem with zlib

Ronald J. Burk rhodes69 at
Sat Jul 9 04:45:23 CEST 2005

> On Fri, Jul 08, 2005 at 09:44:32AM +0200, Johan Wevers wrote:
>> David Shaw wrote:
>> >If you compile GnuPG on a system that has a zlib, the system zlib is
>> >used.  Your system zlib may or may not be vulnerable to the recent
>> >problem.  If your system zlib is vulnerable, then I strongly recommend
>> >that you upgrade :)
>> OK, so I assume GnuPG is exploitable with this bug. I assume it is only
>> vulnerable when deliberately corrupt data is fed into it, like with a
>> buffer overflow (I could not determine if the bug is a buffer overflow,
>> although the description suggested it)?
> Basically, yes.  It's unclear if the bug is exploitable beyond
> crashing the process that is using zlib, but the crash is certainly
> possible.
> Oddly, I haven't seen any mention of this on the zlib main web site -
> just on bugtraq and the CVE site.
> David

Interestingly, Fedora Core 4 (and I assume other Linux distros) just received
an upgrade patch today for zlib.  I guess this is for the bug.