Bug 61406 - rsync links statically with zlib
rsync links statically with zlib
Product: Red Hat Linux
Classification: Retired
Component: rsync (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Aaron Brown
: Security
Depends On:
  Show dependency treegraph
Reported: 2002-03-19 05:14 EST by Henning Schmiedehausen
Modified: 2014-03-16 22:26 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-19 05:14:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Henning Schmiedehausen 2002-03-19 05:14:41 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The zlib-scanner from Florian Weimer shows

/tmp/scanner.pl /usr/bin/rsync 
/usr/bin/rsync: inflate version: "1.1.2 Copyright 1995-1998 Mark Adler"
/usr/bin/rsync: zlib cplens table, little endian
/usr/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4)

rpm -qf /usr/bin/rsync

which is the current release for RH 6.2

so this binary is vulnerable to the zlib problem 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. get the zlib scanner
2. run it on /usr/bin/rsync

Actual Results:  rsync is linked statically to zlib 

Expected Results:  should be linked to a non-vulnerable version 

Additional info:
Comment 1 Bill Nottingham 2002-03-19 10:59:44 EST
Um, that's *why* rsync was part of the zlib errata. It contains the fix.
Comment 2 Bill Nottingham 2002-03-19 11:41:25 EST
FWIW, rsync uses a specially modified version of zlib; that's why it doesn't
link against the system one.

Note You need to log in before you can comment on or make changes to this bug.