Red Hat Bugzilla – Bug 61299
static linked to flawed zib (possible security problem)
Last modified: 2007-04-18 12:40:59 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020310 Description of problem: Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: find-zlib script detects the zlib dependancy output: twisted:/sbin$ find-zlib sash sash: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler" sash: zlib cplens table, little endian sash: zlib cplext table (version 1.0.5 to 1.1.4) http://www.gzip.org/zlib/advisory-2002-03-11.txt http://www.gzip.org/zlib/find-zlib Additional info:
*** Bug 61410 has been marked as a duplicate of this bug. ***
This is not exploitable, therefore it's not a problem. sash is neither setuid nor networking, so all you get by "exploiting" it is a crashing application, giving you access to your own privileges.