[Techtalk] Re: Zlib vulnerability (fwd)
Mandi
mandi at linuxchick.org
Tue Mar 12 16:05:58 EST 2002
On Tue, 12 Mar 2002, Raven, corporate courtesan wrote:
...
>
> So, does anyone here know what actually uses zlib under Linux
> that would use static linking? I've no idea.
>
I've been trying to track that down for most of the day; mandrake finally
posted their stuff; SuSE's list was up this morning, and Red Hat had
theirs up yesterday.
some of the common culprits:
gpg
rsync
cvs
rrdtool
freeamp
netscape (still waiting for stuff from them)
vnc
the kernel
mandrake's gcc3.0 and gcc-2.96
mirrordir
ppp
chromium (mandrake something)
HDF
XFree86
Per mandrake's site,
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
some of these packages have been patched to be dynamically linked, but
they will need to be updated. A lot of them will still have their own
code for zlib in them that has been fixed.
see http://www.linuxsecurity.com for links to vendor's sites and more
info.
--mandi
More information about the Techtalk
mailing list