Reply With QuoteDamn it. Thats pretty serious.
A flaw in a software-compression library used in all versions of Linux could leave the lion's share of systems based on the open-source operating system open to attack, said sources in the security community on Monday.
http://zdnet.com.com/2100-1104-857031.html
Damn it. Thats pretty serious.
zlib has been patched allready. Please update ASAP with your favorite binary package manager OR get the latest source from zlib and remove traces of the old install.
that was fast
Welcome to the world of open source, friend
--edit--
Hmmmm, read the talkbacks on that article, it's major FUD.
First of all, this exploit affects every OS using zlib, not just linux. Yes, that includes windows.
Secondly, even if this is any kind of major exploit, worst case scenario for a linux user is that you lose your personal files: unless you ran the exploit code as root, your system is unharmed. In windows everybody is root and the exploit would be much, much more catastrophic.
Thirdly, even if this is a major exploit, the fix was released the same day the exploit was discovered. There is an exploit for IE5.5 that allows any HTML file to run any arbitrary code even when scripting is disabled and security settings are maxed out in the browser. It has been weeks, if not months, and MS hasn't even acknowledged that the exploit exists.
Chalk another victory up for Open Source, boys.
Not really. It affects all GNU-based OSes. It has to do with the way glibc handles malloc(), not something in zlib specifically. glibc does not do well when memory if free()'ed more than once, and that's the source of the problem. It should be noted that glibc does have a way of dealing with this problem, but it is a little obscure, and the gcc dev. team does say that it's not very efficient.Welcome to the world of open source, friend
--edit--
Hmmmm, read the talkbacks on that article, it's major FUD.
First of all, this exploit affects every OS using zlib, not just linux. Yes, that includes windows.
This exploit is not exactly the easiest exploit in the world. Far from it. The exploit mentioned is actually very difficult to take advantage of, but if it was, it could be serious.Secondly, even if this is any kind of major exploit, worst case scenario for a linux user is that you lose your personal files: unless you ran the exploit code as root, your system is unharmed. In windows everybody is root and the exploit would be much, much more catastrophic.
Correct, OpenBSD was not vulnurable to the attack.
Thank god for source access and peer review.
at any time
Linux > Windows
Feztaa-- You included a link to my site in your post! Howd you find my site? Just curious because it was so weird I just put the site up 2 days ago and theres a link to it! It was pretty cool, thanks
cloverm found it very quickly, there's a thank you in member to member for the link to LJR.Feztaa-- You included a link to my site in your post! Howd you find my site? Just curious because it was so weird I just put the site up 2 days ago and theres a link to it! It was pretty cool, thanks
if this affects windows as well would anyone like to start a sweepstake on when they fix it?
Posting Permissions
Bookmarks