Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow
Michael Stone wrote:
-----BEGIN PGP SIGNED MESSAGE-----
- --------------------------------------------------------------------------
Debian Security Advisory DSA 122-1 security@debian.org
http://www.debian.org/security/ Michael Stone
March 11th, 2002
- --------------------------------------------------------------------------
Package : zlib, various
Vulnerability : malloc error (double free)
Problem-Type : potential remote root
Debian-specific: no
ppp 2.3.11-1.5
Hi all,
afaik the zlib libs are included also in the kernel/net section.
I didnt had time to go trough the source but from a fast search:
ldev:/usr/src/linux# find . -name "zlib*" | grep net
./drivers/net/zlib.c
./drivers/net/zlib.h
./net/ipsec/zlib
./net/ipsec/zlib/zlib.h
./net/ipsec/zlib/zlib.a
ldev:/usr/src/linux#
that's from kernel-source-2.4.18 + freeswan patch
From the Linuk kernel mailing list:
i closer to what I need. It seems most vendors have only patched ppp's zlib
implementation (drivers/net/zlib.c). I couldn't find that particular patch
in redhat update kernel .src.rpm, tough. I guess I'll have to apply the zlib
diff by hand.
Just my 2 euro cents
Fabio
Reply to: