Red Hat Bugzilla – Bug 61406
rsync links statically with zlib
Last modified: 2014-03-16 22:26:12 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206
Description of problem:
The zlib-scanner from Florian Weimer shows
/usr/bin/rsync: inflate version: "1.1.2 Copyright 1995-1998 Mark Adler"
/usr/bin/rsync: zlib cplens table, little endian
/usr/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4)
rpm -qf /usr/bin/rsync
which is the current release for RH 6.2
so this binary is vulnerable to the zlib problem
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. get the zlib scanner
2. run it on /usr/bin/rsync
Actual Results: rsync is linked statically to zlib
Expected Results: should be linked to a non-vulnerable version
Um, that's *why* rsync was part of the zlib errata. It contains the fix.
FWIW, rsync uses a specially modified version of zlib; that's why it doesn't
link against the system one.
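The scanner output quoted in the report reflects two kinds of marker that a statically linked zlib leaves in a binary: the inflate banner string and the inflate length table. The sketch below is an added example, not Florian Weimer's scanner and not code from this bug. It assumes the table is stored as 32-bit unsigned integers, and its sample blob is constructed.

```python
import re
import struct

# DEFLATE length-code base values (RFC 1951, codes 257..285). zlib's inflate
# keeps them in a constant table, so they survive static linking.
LENGTH_BASES = [3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
                35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258]

# Banner compiled into inflate, e.g.
# "inflate 1.1.2 Copyright 1995-1998 Mark Adler"
BANNER = re.compile(rb"inflate (\d+(?:\.\d+)+) Copyright 1995-\d{4} Mark Adler")


def table_bytes(byte_order):
    """Length table as raw bytes; assumes 32-bit unsigned entries."""
    return struct.pack("%s%dI" % (byte_order, len(LENGTH_BASES)), *LENGTH_BASES)


def scan_blob(data):
    """Return (kind, detail, offset) for each zlib marker found in data."""
    findings = []
    for match in BANNER.finditer(data):
        version = match.group(1).decode("ascii")
        findings.append(("inflate-banner", version, match.start()))
    for name, byte_order in (("little endian", "<"), ("big endian", ">")):
        offset = data.find(table_bytes(byte_order))
        if offset != -1:
            findings.append(("length-table", name, offset))
    return findings


def scan_file(path):
    """Scan one binary on disk, e.g. /usr/bin/rsync."""
    with open(path, "rb") as handle:
        return scan_blob(handle.read())


def build_sample():
    """Constructed stand-in for a binary that embeds its own zlib copy."""
    banner = b" inflate 1.1.2 Copyright 1995-1998 Mark Adler \x00"
    return b"\x7fELF" + b"\x00" * 64 + banner + b"\x90" * 16 + table_bytes("<")


if __name__ == "__main__":
    for kind, detail, offset in scan_blob(build_sample()):
        print("%-15s %-14s offset 0x%x" % (kind, detail, offset))
```

A hit shows that a private zlib copy is embedded and what its banner says; it does not show whether a fix was backported into that copy, which is the point the reply above makes about the rsync erratum.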