Bug 61410 - sash is linked statically against a vulnerable zlib
sash is linked statically against a vulnerable zlib
Status: CLOSED DUPLICATE of bug 61299
Product: Red Hat Linux
Classification: Retired
Component: sash (Show other bugs)
6.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: wdovlrrw
Aaron Brown
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-03-19 05:27 EST by Henning Schmiedehausen
Modified: 2007-04-18 12:41 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-03-19 05:27:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Henning Schmiedehausen 2002-03-19 05:27:32 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The sash binary is linked statically with a vulnerable zlib

Version-Release number of selected component (if applicable):
sash-3.4-2

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /sbin/sash
3. 
	

Actual Results:  /sbin/sash: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
/sbin/sash: zlib cplens table, little endian
/sbin/sash: zlib cplext table (version 1.0.5 to 1.1.4)


Expected Results:  sash should not be linked with a vulnerable version of zlib

Additional info:

Name        : sash                         Relocations: (not relocateable)
Version     : 3.4                               Vendor: Red Hat, Inc.
Release     : 2                             Build Date: Mon Feb  7 17:33:09 2000
Install date: Wed Nov  1 18:36:26 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Shells     Source RPM: sash-3.4-2.src.rpm
Size        : 410294                           License: GPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A statically linked shell, including some built-in basic commands.
Description :
Sash is a simple, standalone, statically linked shell which includes
simplified versions of built-in commands like ls, dd and gzip.  Sash
is statically linked so that it can work without shared libraries, so
it is particularly useful for recovering from certain types of system
failures.  Sash can also be used to safely upgrade to new versions of
shared libraries.
Comment 1 Bernhard Rosenkraenzer 2002-03-19 07:17:04 EST

*** This bug has been marked as a duplicate of 61299 ***

Note You need to log in before you can comment on or make changes to this bug.