[Techtalk] Zlib exploit
Raven, corporate courtesan
raven at oneeyedcrow.net
Tue Mar 12 13:39:39 EST 2002
Heya --
Quoth James (Tue, Mar 12, 2002 at 07:15:30AM -0500):
> I have a Debian testing (woody) system. I originally had zlib installed
> via apt. The zlib exploit came out and I compiled it from source and
> installed the latest fixed version.
Yeah -- I meant to mention this to the list, too. The hole:
http://www.gzip.org/zlib/advisory-2002-03-11.txt
The fix: Get and install the new zlib from here:
http://www.gzip.org/zlib/
> Now, is zlib I compiled really installed over the old one or are the two
> sitting in parallel? And I didn't break apt/dpkg forever by compiling
> it from source, did I? :)
It probably did install right over the old one; that's what my
Debian system did. Take a look at the timestamp on the files; that will
tell you. And no, you didn't break apt, but apt won't know about this
new version. When the patched version comes out for Debian you may have
to manually force an upgrade of that package, but after that you should
be fine again.
Cheers,
Raven
"Sed, sed, awk. Like duck, duck, goose. Sync, sync, halt. It's the
order of nature."
-- me, after too long a day at work
More information about the Techtalk
mailing list