Monday, July 11, 2005

Zlib Security Bug is Being Addressed

Zlib is a set of compression and decompression routines upon which many open source and proprietary applications depend. It has had problems before, but they've been fixed quickly. As usage of the library grows and it finds its way into more applications, the flaws affect more and more of the software we use.

Most Linux and BSD distributions, some Microsoft products and many applications from all over use this set of functions. Gentoo, Debian, Mandriva and others have already issued patches. I urge anyone using Linux, BSD or any application which uses PNG (Portable Network Graphics) format images to check for updates pretty much continuously until they get one for this problem.

It is a hard vulnerability to exploit, but with the increasing sophistication of attackers, it WILL be exploited. Get your patches as fast as you possibly can.

Also, some older Microsoft products use this library of functions and are vulnerable. Watch for updates to them, as well.

Jack
