zlib-1.1.4 out - security fix

Matthias Benkmann matthias at winterdrache.de
Tue Mar 12 11:33:33 PST 2002


On Mon, 11 Mar 2002 16:43:41 -0600 Michael Grice <grice at binc.net> wrote:

> * Ryan M. McConahy <jfanonymous at yahoo.com> [020311 16:36] wrote:
> > How about someone writing a script that'll search through
> > /usr/src and find all volnurable packages? I mean, there's
> > got to be more affected than just the base LFS packages,
> > come on!
> 
> Well, something like this should find all the include files which
> reference zlib.h:

This doesn't find packages that include a private copy of zlib without the
header. I would grep for the actual buggy source line from zlib (with some
context to make it unique). That way you can be sure you catch even
packages that just ripped out the buggy part from zlib.

MSB

-- 
Join the Army, meet interesting people, kill them.

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list