Bug 1063

Summary: Checking for zlib version 1.2.3
Product: Portable OpenSSH
Reporter: senthilkumar <senthilkumar_sen>
Component: Build system
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: normal
Priority: P2
Version: -current
Hardware: All
OS: All
URL: http://www.zlib.net/
Attachments:
Description: Patch to make configure to exit on vulnerable Zlib version
Flags: none

Description senthilkumar 2005-07-27 16:38:06 AEST
OpenSSH currently checks for zlib version 1.2.1.2 or up. But a buffer
overflow vulnerability exists in 1.2.x series versions 1.2.2 and below; the
fix is available in zlib version 1.2.3.
Comment 1 senthilkumar 2005-07-27 16:43:44 AEST
Created attachment 943
Patch to make configure to exit on vulnerable Zlib version

The attached patch against the current snapshot makes the configure script exit
on a vulnerable zlib version. Please let me know if there are any comments.
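Added example (not part of this report, the attached patch, or OpenSSH's configure.ac): a minimum-version check for the 1.2.3 floor discussed above, comparing components numerically so that four-part strings such as 1.2.1.2 and two-digit components such as 1.2.11 are ordered correctly. The names `ZLIB_MIN`, `parse_zlib_version` and `zlib_version_ok` are hypothetical; as an assumption, everything below 1.2.3 and any string with a non-numeric suffix is rejected.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimum acceptable version per this report: 1.2.3 (fourth part = 0). */
static const long ZLIB_MIN[4] = {1, 2, 3, 0};

/* Parse "a.b.c" or "a.b.c.d" into out[4]. Returns 0 on success, -1 if malformed. */
int parse_zlib_version(const char *s, long out[4])
{
    int n;
    out[0] = out[1] = out[2] = out[3] = 0;
    if (s == NULL)
        return -1;
    for (n = 0; n < 4; n++) {
        char *end;
        long v;
        if (!isdigit((unsigned char)*s))   /* no sign, space or empty part */
            return -1;
        errno = 0;
        v = strtol(s, &end, 10);
        if (errno != 0 || v > 9999)
            return -1;
        out[n] = v;
        if (*end == '\0')
            return (n >= 2) ? 0 : -1;      /* need at least a.b.c */
        if (*end != '.')
            return -1;                     /* suffixes fail closed (assumption) */
        s = end + 1;
    }
    return -1;                             /* more than four components */
}

/* 1 if the version is >= ZLIB_MIN, 0 if older or unparseable. */
int zlib_version_ok(const char *s)
{
    long v[4];
    int i;
    if (parse_zlib_version(s, v) != 0)
        return 0;
    for (i = 0; i < 4; i++) {
        if (v[i] > ZLIB_MIN[i]) return 1;
        if (v[i] < ZLIB_MIN[i]) return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {"1.2.1.2", "1.2.2", "1.2.3", "1.2.11", "1.2.3-beta"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s %s\n", samples[i], zlib_version_ok(samples[i]) ? "ok" : "reject");
    return 0;
}
```

A plain string comparison would rank "1.2.11" below "1.2.3", which is why each component is compared as a number.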
Comment 2 Darren Tucker 2005-07-27 18:47:46 AEST
Thanks, but it's a couple of days late :-)  From ChangeLog:

20050725
 - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
Comment 3 Darren Tucker 2006-10-07 11:41:16 AEST
Change all RESOLVED bugs to CLOSED with the exception of the ones fixed post-4.4.