From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The zlib-scanner from Florian Weimer shows

/tmp/scanner.pl /usr/bin/rsync
/usr/bin/rsync: inflate version: "1.1.2 Copyright 1995-1998 Mark Adler"
/usr/bin/rsync: zlib cplens table, little endian
/usr/bin/rsync: zlib cplext table (version 1.0.5 to 1.1.4)

rpm -qf /usr/bin/rsync
rsync-2.4.6-3.6

which is the current release for RH 6.2 so this binary is vulnerable to the zlib problem

Version-Release number of selected component (if applicable):
rsync-2.4.6-3.6

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner
2. run it on /usr/bin/rsync
3.

Actual Results:
rsync is linked statically to zlib

Expected Results:
should be linked to a non-vulnerable version

Additional info:
Um, that's *why* rsync was part of the zlib errata. It contains the fix.
FWIW, rsync uses a specially modified version of zlib; that's why it doesn't link against the system one.
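
The kind of check the scanner output in the report reflects, as an added example (not Florian Weimer's scanner and not code from this thread): it looks for the inflate banner and the length-base table in a binary image. The banner layout and the 32-bit table encoding are assumptions modelled on the quoted output; as the replies note, a hit shows an embedded zlib copy, not whether a fix has been backported into it.

```python
import re
import struct

# Deflate length-base values from RFC 1951; zlib's inflate keeps them in a table.
# 258 is included on purpose: it is the only entry above 255, so it is what
# makes the little- and big-endian byte patterns distinguishable.
LENGTH_BASES = (3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35,
                43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258)

# Assumed banner layout, modelled on the scanner output quoted in the report.
BANNER_RE = re.compile(rb"inflate (\d+(?:\.\d+)+) Copyright 1995-\d{4} Mark Adler")


def table_bytes(endian):
    """Pack the table as 32-bit unsigned ints ('<' little, '>' big endian)."""
    return struct.pack(f"{endian}{len(LENGTH_BASES)}I", *LENGTH_BASES)


def scan_bytes(data):
    """Return embedded-zlib indicators found in a binary image."""
    versions = sorted({m.group(1).decode() for m in BANNER_RE.finditer(data)})
    tables = [name for name, e in (("little endian", "<"), ("big endian", ">"))
              if table_bytes(e) in data]
    return {"versions": versions, "cplens": tables,
            "embedded_zlib": bool(versions or tables)}


def scan_file(path):
    """Scan a file on disk, e.g. a binary suspected of static linking."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed sample standing in for a statically linked binary (not a real file).
SAMPLE = (b"\x7fELF" + b"\x00" * 32
          + b" inflate 1.1.2 Copyright 1995-1998 Mark Adler \x00"
          + b"\x00" * 7 + table_bytes("<"))

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, scan_file(path))
    if len(sys.argv) == 1:
        print("sample", scan_bytes(SAMPLE))
```

Treat a match as a prompt to check the package's errata or changelog for the fix, since a patched private copy can keep its old banner.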