[24651] in bugtraq
Re: [RHSA-2002:026-35] Vulnerability in zlib library
daemon@ATHENA.MIT.EDU (helmut g. katzgraber)
Tue Mar 12 23:20:11 2002
Date: Tue, 12 Mar 2002 13:23:31 -0800 (PST)
From: "helmut g. katzgraber" <dummkopf@physics.ucsc.edu>
To: bugtraq@securityfocus.com, <redhat-watch-list@redhat.com>
Cc: linux-security@redhat.com
Message-ID: <Pine.LNX.4.44.0203121322260.29551-100000@debussy.ucsc.edu>

hm... when i look at the rpm list below i notice that redhat
seems to be doing the same thing they did last time there was a
big upgrade: issue new kernel rpms, forget about the kernel
headers. while these might not change, several programs will barf
if the directory in which the headers are does not match the
kernel version.... unless they put the headers now in the
kernel, which i doubt. a quick check of the 6.2 kernel rpm
kernel-2.2.19-6.2.15.alpha.rpm shows that

[debussy ~]$ rpm -qlf kernel-2.2.19-6.2.15.alpha.rpm | grep include

it does not contain header files. please redhat, provide the
necessary rpms (in time)...

i'd be careful to start patching without the headers. i'd be
careful without patching either...

h.

header of redhat advisory:

# ---------------------------------------------------------------------
# Red Hat, Inc. Red Hat Security Advisory
#
# Synopsis: Vulnerability in zlib library
# Advisory ID: RHSA-2002:026-35
# Issue date: 2002-02-11
# Updated on: 2002-03-11
# Product: Red Hat Linux
# Keywords: zlib double free
# Cross references: RHSA-2002:028 RHSA-2002:027
# Obsoletes:
# ---------------------------------------------------------------------
_______________________________________________________________
Dr. Helmut G. Katzgraber dummkopf@physics.ucdavis.edu
Department of Physics http://nacaq.ucdavis.edu/
University of California, Davis Phone: (+1) 530-752-9855
One Shields Ave, Davis, CA 95616 Fax: (+1) 530-752-4717