Bug 1063 - Checking for zlib version 1.2.3
Summary: Checking for zlib version 1.2.3
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Build system
Version: -current
Hardware: All All
Importance: P2 normal
Assignee: Assigned to nobody
URL: http://www.zlib.net/
Keywords:
Depends on:
Blocks:
 
Reported: 2005-07-27 16:38 AEST by senthilkumar
Modified: 2006-10-07 11:41 AEST

Attachments
Patch to make configure to exit on vulnerable Zlib version (897 bytes, patch)
2005-07-27 16:43 AEST, senthilkumar

Description senthilkumar 2005-07-27 16:38:06 AEST
OpenSSH currently checks for zlib version 1.2.1.2 or up. But a buffer
overflow vulnerability exists in 1.2.x series versions 1.2.2 and below; the
fix is available in zlib version 1.2.3.
Comment 1 senthilkumar 2005-07-27 16:43:44 AEST
Created attachment 943
Patch to make configure to exit on vulnerable Zlib version

The attached patch against the current snapshot makes the configure script exit
on a vulnerable Zlib version. Please let me know if there are any comments.
Comment 2 Darren Tucker 2005-07-27 18:47:46 AEST
Thanks, but it's a couple of days late :-)  From ChangeLog:

20050725
 - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
Comment 3 Darren Tucker 2006-10-07 11:41:16 AEST
Change all RESOLVED bugs to CLOSED with the exception of the ones fixed post-4.4.
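
The version gate discussed in this bug, as an added example; it is neither the attached patch nor OpenSSH's configure.ac code. The function names `parse_zlib_version` and `zlib_version_ok` are hypothetical, the sample version strings are constructed, and the only policy assumed is the one stated in the report: 1.2.3 is the first fixed release, so the previous minimum 1.2.1.2 and 1.2.2 must be rejected.

```c
#include <stdio.h>

/* Minimum acceptable zlib release per the report: 1.2.3 carries the fix. */
static const int ZLIB_MIN[4] = {1, 2, 3, 0};

/*
 * Parse "a.b.c" or "a.b.c.d" (e.g. "1.2.1.2") into four integers.
 * Text after the numeric components is ignored. Returns 0 on success,
 * -1 if fewer than three components parse or any component is negative.
 */
int parse_zlib_version(const char *s, int v[4])
{
    int n, i;

    v[0] = v[1] = v[2] = v[3] = 0;
    if (s == NULL)
        return -1;
    n = sscanf(s, "%d.%d.%d.%d", &v[0], &v[1], &v[2], &v[3]);
    if (n < 3)
        return -1;
    for (i = 0; i < 4; i++)
        if (v[i] < 0)
            return -1;
    return 0;
}

/* 1 = at or above the minimum, 0 = older (reject), -1 = unparseable (reject). */
int zlib_version_ok(const char *s)
{
    int v[4], i;

    if (parse_zlib_version(s, v) != 0)
        return -1;
    for (i = 0; i < 4; i++)
        if (v[i] != ZLIB_MIN[i])
            return v[i] > ZLIB_MIN[i];   /* first differing component decides */
    return 1;                            /* exactly the minimum */
}

int main(void)
{
    /* Constructed inputs; a configure test would pass ZLIB_VERSION from <zlib.h>. */
    const char *samples[] = {"1.2.1.2", "1.2.2", "1.2.3", "1.2.3.4", "garbage"};
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-8s -> %d\n", samples[i], zlib_version_ok(samples[i]));
    return 0;
}
```

Comparing component by component avoids the mistake of treating the four-part 1.2.1.2 as newer than the three-part 1.2.3, and an unparseable string is reported separately so a build check can fail closed on it.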