
Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow

Fabio Massimo Di Nitto <fabbione@fabbione.net> wrote:
> afaik the zlib libs are included also in the kernel/net section.
> I didn't have time to go through the source but from a fast search:

> ldev:/usr/src/linux# find . -name "zlib*" | grep net
> ./drivers/net/zlib.c
> ./drivers/net/zlib.h
> ./net/ipsec/zlib
> ./net/ipsec/zlib/zlib.h
> ./net/ipsec/zlib/zlib.a
> ldev:/usr/src/linux#

> that's from kernel-source-2.4.18 + freeswan patch

> From the Linux kernel mailing list:

>> i closer to what I need. It seems most vendors have only patched
>> ppp's zlib implementation (drivers/net/zlib.c). I couldn't find
>> that particular patch in redhat update kernel .src.rpm, though. I
>> guess I'll have to apply the zlib diff by hand.

|---- [RHSA-2002:026-35] Vulnerability in zlib library ----
| kernel: The Linux kernel internally contains several variants of
| zlib code. However, ppp compression is the only implementation that
| is used with untrusted data streams. This issue has been patched.
| New kernel errata packages are included for Red Hat Linux 6.2 and 7.
               cu andreas
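
An added example, not part of the original messages: the `find . -name "zlib*"` search quoted above only sees copies that kept the file name, so this sketch locates embedded zlib headers by content instead. It assumes each copy kept the `ZLIB_VERSION` define from zlib's `zlib.h`; the function names, sample tree and version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: find embedded zlib headers by content, not by file name.

# Pattern for the version define that zlib's zlib.h carries.
ZLIB_DEF='^[[:space:]]*#[[:space:]]*define[[:space:]]+ZLIB_VERSION[[:space:]]+"'

# find_zlib_copies DIR
# Prints "path<TAB>version" for every file defining ZLIB_VERSION, sorted by path.
find_zlib_copies() {
    dir=${1:-.}
    grep -rlE "$ZLIB_DEF" "$dir" 2>/dev/null |
    sort |
    while IFS= read -r f; do
        # Extract the quoted version string from the first matching define.
        ver=$(sed -nE "s/${ZLIB_DEF}([^\"]*)\".*/\1/p" "$f" | head -n 1)
        printf '%s\t%s\n' "$f" "$ver"
    done
}

# make_sample_tree DIR
# Constructed stand-in for a source tree (not real kernel files or versions).
make_sample_tree() {
    mkdir -p "$1/drivers/net" "$1/fs/example" "$1/net/core"
    printf '#define ZLIB_VERSION "0.0-constructed-a"\n' \
        > "$1/drivers/net/zlib.h"
    # A renamed copy: a -name "zlib*" search would not list this file.
    printf '/* renamed copy */\n#define ZLIB_VERSION "0.0-constructed-b"\n' \
        > "$1/fs/example/inflate_hdr.h"
    printf 'int unrelated;\n' > "$1/net/core/dev.c"
}

# Demo run against the constructed tree.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_zlib_copies "$demo_dir"
rm -rf "$demo_dir"
```

A hit only marks a candidate copy; whether that copy carries the fix still has to be checked against the zlib diff itself.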
