From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
/usr/sbin/pppdump is statically linked to a vulnerable zlib

Version-Release number of selected component (if applicable):
2.3.11-4

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /usr/sbin/pppdump
3.

Actual Results:
/usr/sbin/pppdump: zlib cplens table, little endian
/usr/sbin/pppdump: zlib cplext table (version 0.93 to 1.0.4)

Expected Results:
ppp should not be linked to a (stone age) zlib which is vulnerable to the overflow bug

Additional info:

Name        : ppp                          Relocations: (not relocateable)
Version     : 2.3.11                       Vendor: Red Hat, Inc.
Release     : 4                            Build Date: Tue Mar 7 16:25:02 2000
Install date: Wed Nov 1 19:26:18 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Daemons   Source RPM: ppp-2.3.11-4.src.rpm
Size        : 340494                       License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The PPP (Point-to-Point Protocol) daemon.
Description :
The ppp package contains the PPP (Point-to-Point Protocol) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an ISP (Internet Service Provider) or other organization over a modem and phone line.
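The scanner output above reports zlib tables found inside the binary. The following is an added example, not part of the original report and not Florian Weimer's scanner: a Python check that searches a file for the DEFLATE length-base table from RFC 1951, which is the table the output calls cplens. The function names and the 16-bit and 32-bit integer layouts it tries are assumptions made for this example.

```python
import struct
import sys

# Base match lengths for DEFLATE length codes 257..285 (RFC 1951, section 3.2.5).
# An inflate implementation that keeps this table as an integer array leaves it
# in the binary's constant data, so a statically linked copy can be found by
# searching for the packed bytes.
LENGTH_BASES = (3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
                35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258)

# Assumption: the table is stored as 16-bit or 32-bit unsigned integers.
SIGNATURES = {
    "32-bit little endian": struct.pack("<29I", *LENGTH_BASES),
    "32-bit big endian": struct.pack(">29I", *LENGTH_BASES),
    "16-bit little endian": struct.pack("<29H", *LENGTH_BASES),
    "16-bit big endian": struct.pack(">29H", *LENGTH_BASES),
}


def find_length_tables(data):
    """Return sorted (offset, layout) pairs for every table copy in data."""
    hits = []
    for layout, sig in SIGNATURES.items():
        pos = data.find(sig)
        while pos != -1:
            hits.append((pos, layout))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def scan_file(path):
    """Scan one file on disk, e.g. a binary suspected of embedding inflate."""
    with open(path, "rb") as fh:
        return find_length_tables(fh.read())


def constructed_sample():
    # Constructed input: 64 bytes of filler, one little-endian table, padding.
    return b"\x7fELF" + b"\x00" * 60 + SIGNATURES["32-bit little endian"] + b"\xff" * 16


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print("self-test:", find_length_tables(constructed_sample()))
    for path in sys.argv[1:]:
        for offset, layout in scan_file(path):
            print(f"{path}: DEFLATE length table at 0x{offset:x} ({layout})")
```

A hit only shows that a copy of inflate code is embedded in the file; which zlib version it came from, and whether that version carries the fix, still has to be established separately.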
Either this should be moved to a newer (supported) product or closed as fixed I think? The ppp errata from RHL 7.2 does not have this problem if I'm not mistaken.
Issue affects Red Hat Linux 7.1