Zlib security heads up
John M McIntosh
johnmci at smalltalkconsulting.com
Sat Mar 16 00:43:06 UTC 2002
>Zlib is the OpenSource compression library used in (at least) Linux, BSD and
>Windows.
>
>A bug has been discovered which potentially leaves a system open to root
>exploits.
>
>Patches are available for all major Linux distros and, AFAIK, BSD. You should
BSD users should see http://www.cert.org/advisories/CA-2002-07.html#FreeBSD
and
http://groups.google.com/groups?hl=en&ie=ISO-8859-1&oe=ISO-8859-1&selm=a6jbr6%241dds%241%40FreeBSD.csie.NCTU.edu.tw
This also applies to OS-X apparently; an example I've tried gives:
[otter:~/Documents/temp] johnmci% ./a
*** malloc[3175]: Deallocation of a pointer not malloced: 0x443c0;
This could be a double free(), or free() called with the middle of an
allocated block; Try setting environment variable MallocHelp to see
tools to help debug
Mind, Intel-targeted buffer overflows work poorly on PPC machines.
--
===========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com> 1-800-477-2659
Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com
===========================================================================