vulnerable zlib in testing?

Bruce Dubbs bdubbs at
Sun Sep 12 09:27:57 PDT 2004

Kevin P. Fleming wrote:

> Matthew Burgess wrote:
>> In addition, it would appear as if the linux kernel has an in-tree copy
>> of zlib-1.1.3 (see linux-  Unless
>> that version has a fix for
>>, then whatever kernel
>> features need it would presumably be susceptible to that vulnerability
>> too.
> That fix was slipstreamed into the kernel version, without upgrading 
> it to 1.1.4. I don't remember the exact reason why they chose that 
> path, but I do remember it happened.

On top of that, the ONLY call to zib there is when the kernel is built 
and then extracted upon boot.  I see no way to exploit the vulnerability.

  -- Bruce

More information about the lfs-dev mailing list