First Last Prev Next    This bug is not in your last search results.
Bug 61406 - rsync links statically with zlib
rsync links statically with zlib
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: rsync (Show other bugs)
6.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Aaron Brown
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-03-19 05:14 EST by Henning Schmiedehausen
Modified: 2014-03-16 22:26 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-03-19 05:14:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Henning Schmiedehausen 2002-03-19 05:14:41 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The zlib-scanner from Florian Weimer shows

/tmp/scanner.pl /usr/bin/rsync 
/usr/bin/rsync: inflate version: "1.1.2 Copyright 1995-1998 Mark Adler"
/usr/bin/rsync: zlib cplens table, little endian
/usr/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4)

rpm -qf /usr/bin/rsync
rsync-2.4.6-3.6

which is the current release for RH 6.2

so this binary is vulnerable to the zlib problem 

Version-Release number of selected component (if applicable):
rsync-2.4.6-3.6


How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner
2. run it on /usr/bin/rsync
3.
	

Actual Results:  rsync is linked statically to zlib 

Expected Results:  should be linked to a non-vulnerable version 

Additional info:
Comment 1 Bill Nottingham 2002-03-19 10:59:44 EST 
Um, that's *why* rsync was part of the zlib errata. It contains the fix.
Comment 2 Bill Nottingham 2002-03-19 11:41:25 EST 
FWIW, rsync uses a specially modified version of zlib; that's why it doesn't
link against the system one.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.