Bug 61410 - sash is linked statically against a vulnerable zlib
Summary: sash is linked statically against a vulnerable zlib
Keywords:
Status: CLOSED DUPLICATE of bug 61299
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sash
Version: 6.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: wdovlrrw
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-03-19 10:27 UTC by Henning Schmiedehausen
Modified: 2007-04-18 16:41 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-03-19 10:27:43 UTC
Embargoed:


Attachments (Terms of Use)

Description Henning Schmiedehausen 2002-03-19 10:27:32 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
The sash binary is linked statically with a vulnerable zlib

Version-Release number of selected component (if applicable):
sash-3.4-2

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /sbin/sash
3. 
	

Actual Results:  /sbin/sash: inflate version: "1.1.3 Copyright 1995-1998 Mark Adler"
/sbin/sash: zlib cplens table, little endian
/sbin/sash: zlib cplext table (version 1.0.5 to 1.1.4)


Expected Results:  sash should not be linked with a vulnerable version of zlib

Additional info:

Name        : sash                         Relocations: (not relocateable)
Version     : 3.4                               Vendor: Red Hat, Inc.
Release     : 2                             Build Date: Mon Feb  7 17:33:09 2000
Install date: Wed Nov  1 18:36:26 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Shells     Source RPM: sash-3.4-2.src.rpm
Size        : 410294                           License: GPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A statically linked shell, including some built-in basic commands.
Description :
Sash is a simple, standalone, statically linked shell which includes
simplified versions of built-in commands like ls, dd and gzip.  Sash
is statically linked so that it can work without shared libraries, so
it is particularly useful for recovering from certain types of system
failures.  Sash can also be used to safely upgrade to new versions of
shared libraries.

Comment 1 Bernhard Rosenkraenzer 2002-03-19 12:17:04 UTC

*** This bug has been marked as a duplicate of 61299 ***


Note You need to log in before you can comment on or make changes to this bug.