zlib-1.1.4 out - security fix

Mark Hymers markh at linuxfromscratch.org
Mon Mar 11 11:44:49 PST 2002


On Mon, 11, Mar, 2002 at 12:34:22PM -0600, Steve Jones spoke thus..
> I just saw at newsforge that a security fix new release of zlib is now
> avialable.  It is on the web site yet but is is on the main ftp server. 
> I'll report back when I've had a chance to try it out.
I've cross posted this to lfs-security and blfs-support as the original
message was.  Follow up's should probably be to blfs-support only.

The advisory for zlib-1.1.3 is at:

http://www.zlib.org/advisory-2002-03-11.txt
Zlib Advisory 2002-03-11
zlib Compression Library Corrupts malloc Data Structures via Double Free

The new zlib (1.1.4) is at:

ftp://ftp.info-zip.org/pub/infozip/zlib/zlib-1.1.4.tar.gz

Simplest solution seems to be to update zlib.  The existing BLFS
instructions work with the new package (although I'm going to change
them soon to incorporate the optimizations that Marc Heerdink drew to my
attention a while back).  I'm updating BLFS CVS as we speak.

Mark

-- 
Mark Hymers					BLFS Editor
markh at linuxfromscratch.org
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list