Re: Zlib vulnerability heads-up.
Trond Eivind Glomsrød <teg@redhat.com>
From: teg@redhat.com (Trond Eivind Glomsrød )
To: Lamar Owen <lamar.owen@wgcr.org>
Cc: pgsql-hackers@postgresql.org
Date: 2002-03-12T16:24:10Z
Lists: pgsql-hackers, pgsql-general
Lamar Owen <lamar.owen@wgcr.org> writes: > As PostgreSQL uses the zlib library (for TOAST?), this is a headsup that a > bug has been found in the zlib library that could cause data corruption or a > security breach. > > See http://www.gzip.org/zlib/advisory-2002-03-11.txt for more details. > > Updating zlib is strongly recommended by many sources, and a patch is > available. > > I have only posted this to HACKERS; if a cross-post to GENERAL or ADMIN is > useful, that can be arranged. FWIW, I really doubt this is much of a problem for postgresql. It's mainly a problem for applications dealing with untrusted, compressed data (webbrowsers, imageviewers, programs with skins downloaded from the Internet) etc. -- Trond Eivind Glomsrød Red Hat, Inc.