Zlib security heads up

John Hinsley johnhinsley at blueyonder.co.uk
Mon Mar 18 18:39:04 UTC 2002


On Mon, 18 Mar 2002, Marcus Denker wrote:
> On Fri, Mar 15, 2002 at 11:25:52PM +0000, John Hinsley wrote:
> > Zlib is the OpenSource compression library used in (at least) Linux, BSD and
> > Windows.
> > 
> > A bug has been discovered which potentially leaves a system open to root
> > exploits.
> > 
> The unix VM seems to contain the zlib sources. But it is only used
> for decompressing compressed images.

Well, it doesn't do much more in *nix (or Windows) generally. After all, Zlib
is "just" everyone's favourite compression library. I can't see many people
relying on Squeak as a way in, but anything linking to an unpatched Zlib is 
potentially hazardous/at risk. 

We're talking here of a kind of exploit that's extremely difficult to do, the
first time. Then the knowledge gets posted to the web and every script kiddy
can do it. Suddenly there are a lot of strange chmods going on, your Apache is
hosting a Korean porn site and your Sendmail is posting vbs worms to all and
sundry. Eeek!

More generally, if Alan Cox tells me it's urgent, it means "fit the damn patch
_now_!"

Cheers

John 
 -- 
They're afraid, very afraid......
According to CRN magazine, Microsoft staff discovering Linux in use
will have now access to a special 'escalation' team.
Now, where did I put that stake and mallet?
http://www.newsforge.com/article.pl?sid=02/01/16/0310222&mode=nocomment

More information about the Squeak-dev mailing list
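The point John makes above, that anything linking to an unpatched zlib is at risk, has a practical corollary that Marcus's remark about the Squeak VM illustrates: a program can get zlib either from the system's shared libz or from a copy of the zlib sources compiled into the binary, and upgrading the system library does nothing for the second kind. The script below is an added example, not code from the thread or from the Squeak project; it reports both cases for the files you hand it. It relies on the copyright strings zlib compiles into its own object code (" inflate X.Y.Z Copyright ..." and " deflate X.Y.Z Copyright ...") and on `ldd` and `grep -a`, so it assumes a Linux-style toolchain. Which versions are fixed is a fact to take from the advisory, not from this script; it only tells you where zlib is and what version string it carries.

```shell
#!/bin/sh
# zlib_scan: added example, not part of the original post.
# Reports, for each binary given, whether it uses a shared libz (fixed by a
# system upgrade) and/or carries an embedded copy of zlib (needs a rebuild).

# Print the version number(s) of any zlib compiled into a file, or nothing.
# zlib's inflate/deflate sources embed a string of the form
# " inflate 1.1.3 Copyright 1995-1998 Mark Adler " (assumed format, as in
# the zlib sources); grep -a scans the binary as text, -o prints the match.
zlib_embedded_versions() {
    grep -a -o -E ' (inflate|deflate) [0-9]+\.[0-9]+(\.[0-9]+)? Copyright' "$1" 2>/dev/null \
        | awk '{print $2}' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Print the path of the shared libz the binary would load, or nothing.
zlib_shared_lib() {
    ldd "$1" 2>/dev/null | awk '/libz\.so/ {print $3; exit}'
}

# One line per file: how it gets zlib, and the version string if embedded.
zlib_scan() {
    for f in "$@"; do
        shared=$(zlib_shared_lib "$f")
        embedded=$(zlib_embedded_versions "$f")
        if [ -n "$embedded" ]; then
            echo "$f: EMBEDDED zlib $embedded (system libz upgrade will NOT fix this)"
        elif [ -n "$shared" ]; then
            echo "$f: shared $shared (fixed by upgrading libz)"
        else
            echo "$f: no zlib found"
        fi
    done
}

# Usage: zlib_scan /usr/sbin/httpd /usr/sbin/sendmail /usr/local/bin/squeak
if [ "$#" -gt 0 ]; then
    zlib_scan "$@"
fi
```

Run it over the daemons you care about, then over anything you built from source (the Squeak VM, a static Apache, and so on): a hit in the EMBEDDED line is exactly the case a vendor's libz update leaves untouched. It also checks the shared libz itself if you pass it, since that file carries the same embedded string.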