From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206 Description of problem: The sash binary is linked statically with a vulnerable zlib Version-Release number of selected component (if applicable): sash-3.4-2 How reproducible: Always Steps to Reproduce: 1. get the zlib scanner from Florian Weimer 2. /tmp/scanner.pl /sbin/sash 3. Actual Results: /sbin/sash: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler" /sbin/sash: zlib cplens table, little endian /sbin/sash: zlib cplext table (version 1.0.5 to 1.1.4) Expected Results: sash should not be linked with a vulnerable version of zlib Additional info: Name : sash Relocations: (not relocateable) Version : 3.4 Vendor: Red Hat, Inc. Release : 2 Build Date: Mon Feb 7 17:33:09 2000 Install date: Wed Nov 1 18:36:26 2000 Build Host: porky.devel.redhat.com Group : System Environment/Shells Source RPM: sash-3.4-2.src.rpm Size : 410294 License: GPL Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Summary : A statically linked shell, including some built-in basic commands. Description : Sash is a simple, standalone, statically linked shell which includes simplified versions of built-in commands like ls, dd and gzip. Sash is statically linked so that it can work without shared libraries, so it is particularly useful for recovering from certain types of system failures. Sash can also be used to safely upgrade to new versions of shared libraries.
*** This bug has been marked as a duplicate of 61299 ***