vulnerable zlib in testing?

Kevin P. Fleming kpfleming at linuxfromscratch.org
Sun Sep 12 09:17:04 PDT 2004


Matthew Burgess wrote:

> In addition, it would appear as if the linux kernel has an in-tree copy
> of zlib-1.1.3 (see linux-2.6.8.1/lib/zlib_inflate/inftrees.c).  Unless
> that version has a fix for
> http://www.gzip.org/zlib/advisory-2002-03-11.txt, then whatever kernel
> features need it would presumably be susceptible to that vulnerability
> too.

That fix was slipstreamed into the kernel version, without upgrading it 
to 1.1.4. I don't remember the exact reason why they chose that path, 
but I do remember it happened.



More information about the lfs-dev mailing list