Re: Zlib vulnerability heads-up.
Greg Copeland <greg@copelandconsulting.net>
From: Greg Copeland <greg@CopelandConsulting.Net>
To: Lamar Owen <lamar.owen@wgcr.org>
Cc: Trond Eivind Glomsrød <teg@redhat.com>, PostgresSQL Hackers Mailing List <pgsql-hackers@postgresql.org>
Date: 2002-03-12T20:18:02Z
Lists: pgsql-hackers, pgsql-general
IIRC, the issue here is that it was a double free and that it was ONLY of possible concern in the even that a specific sequence of calls were made AND a very cleaver hack was available to allow for uncontrolled/unvalidated input. While it may be worth noting, I seriously doubt this is a security issue for PostgresSQL. Greg On Tue, 2002-03-12 at 10:46, Lamar Owen wrote: > On Tuesday 12 March 2002 11:24 am, Trond Eivind Glomsrød wrote: > > Lamar Owen <lamar.owen@wgcr.org> writes: > > > Updating zlib is strongly recommended by many sources, and a patch is > > > available. > > > FWIW, I really doubt this is much of a problem for postgresql. It's > > mainly a problem for applications dealing with untrusted, compressed > > data (webbrowsers, imageviewers, programs with skins downloaded from > > the Internet) etc. > > It's probably NOT a big problem; but it IS a bug in an underlying library. > -- > Lamar Owen > WGCR Internet Radio > 1 Peter 4:11 > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html