Red Hat Bugzilla – Bug 62052
Does the netscape libflashplugin.so use an insecure zlib ??
Last modified: 2014-03-16 22:26:28 EDT
strings /usr/lib/netscape/plugins/libflashplayer.so | grep zlib
Doing a primitive check with objdump it appears to be an old version of zlib and
probably one with the holes.
Does anyone know if the netscape folks updated it to the new zlib ?
Since netscape hasn't updated anything yet, no, they haven't.
Putting in 'needinfo' as the closest thing we have to 'needsomeoneelse'ssoftware'.
Should we pull the netscape 4 package from 7.3 final ? Without a fix its plain
dangerous to go around shipping exploitable web browsers
Killed for 8.0 thankfully
Should this be closed then?
Leaving open since the flashplayer shipped with 7.2 and 7.3 is still vulnerable
to this issue. No exploits for the zlib issue in flashplayer have been spotted.
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.