Welcome to our website
zlib Update for Mandrake
Posted by philipp on: 03/19/2003 01:20 PM [ Print | 0 comment(s) ]
MandrakeSoft has released zlib update for Mandrake Linux 7.2 - 9.0
Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3).