[24688] in bugtraq
Re: [RHSA-2002:026-35] Vulnerability in zlib library
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Thu Mar 14 19:44:57 2002
Date: Wed, 13 Mar 2002 21:48:39 +0100 (MET)
From: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
To: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.44.0203121322260.29551-100000@debussy.ucsc.edu>
Message-ID: <20020313212047.2421.0@argo.troja.mff.cuni.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 12 Mar 2002, helmut g. katzgraber wrote:
> hm... when i look at the rpm list below i notice that redhat
> seems to be doing the same thing they did last time there was a
> big upgrade: issue new kernel rpms, forget about the kernel
> headers. while these might not change, several programs will barf
> if the directory in which the headers are, does not match the
> kernel version.... unless they put the headers now in the
> kernel, which i doubt. a quick check of the 6.2 kernel rpm
> kernel-2.2.19-6.2.15.alpha.rpm shows that
The most interesting thing is that zlib.c has not been touched since
2.2.19-6.2.12. As far as I can tell, the only changes between 6.2.12 and
6.2.15 are two small bugfixes: one for CIPE, another for debug traps (the
latter not mentioned in %changelog...bad RH! no biscuit!).
And to make things even more interesting, one file in the src.rpm,
ipvs-1.0.6-2.2.19.patch, contains a hunk looking a lot like a fix for
some double-free() problem zlib.c. But this patch is not used! They
use ipvs-1.0.8-2.2.19.patch which lacks this particular hunk!
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
