Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow
Fabio Massimo Di Nitto <fabbione@fabbione.net> wrote:
[...]
> afaik the zlib libs are included also in the kernel/net section.
> I didnt had time to go trough the source but from a fast search:
> ldev:/usr/src/linux# find . -name "zlib*" | grep net
> ./drivers/net/zlib.c
> ./drivers/net/zlib.h
> ./net/ipsec/zlib
> ./net/ipsec/zlib/zlib.h
> ./net/ipsec/zlib/zlib.a
> ldev:/usr/src/linux#
> that's from kernel-source-2.4.18 + freeswan patch
> From the Linuk kernel mailing list:
>> i closer to what I need. It seems most vendors have only patched
>> ppp's zlib implementation (drivers/net/zlib.c). I couldn't find
>> that particular patch in redhat update kernel .src.rpm, tough. I
>> guess I'll have to apply the zlib diff by hand.
|---- [RHSA-2002:026-35] Vulnerability in zlib library ----
| kernel: The Linux kernel internally contains several variants of
| zlib code. However, ppp compression is the only implementation that
| is used with untrusted data streams. This issue has been patched.
| New kernel errata packages are included for Red Hat Linux 6.2 and 7.
|----------------------------------------------------------
cu andreas
Reply to: