Re: Zlib vulnerability heads-up.
Trond Eivind Glomsrød <teg@redhat.com>
From: teg@redhat.com (Trond Eivind Glomsrød )
To: Jan Wieck <janwieck@yahoo.com>
Cc: Lamar Owen <lamar.owen@wgcr.org>, pgsql-hackers@postgresql.org
Date: 2002-03-12T23:30:42Z
Lists: pgsql-hackers, pgsql-general
Jan Wieck <janwieck@yahoo.com> writes: > Lamar Owen wrote: > > On Tuesday 12 March 2002 11:34 am, Jan Wieck wrote: > > > Lamar Owen wrote: > > > [Charset iso-8859-15 unsupported, filtering to ASCII...] > > > > As PostgreSQL uses the zlib library (for TOAST?), this is a headsup that > > > > a bug has been found in the zlib library that could cause data > > > > corruption or a security breach. > > > > > PostgreSQL does not use the zlib library for toast. The > > > algorithm used in toast is based on Adisak Pochanayon's SLZ. > > > > Good. I think. > > > > But what _does_ use zlib in PostgreSQL? > > On a quick search I can only see pg_backup using it. I see many more, including the postmaster: [teg@halden teg]$ ldd /usr/bin/postmaster libssl.so.2 => /lib/libssl.so.2 (0x4002e000) libcrypto.so.2 => /lib/libcrypto.so.2 (0x4005c000) libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x4011f000) libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x40176000) libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x40186000) libz.so.1 => /usr/lib/libz.so.1 (0x40188000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x40196000) libresolv.so.2 => /lib/libresolv.so.2 (0x401c4000) libnsl.so.1 => /lib/libnsl.so.1 (0x401d5000) libdl.so.2 => /lib/libdl.so.2 (0x401ea000) libm.so.6 => /lib/i686/libm.so.6 (0x401ed000) libreadline.so.4 => /usr/lib/libreadline.so.4 (0x4020f000) libtermcap.so.2 => /lib/libtermcap.so.2 (0x40235000) libc.so.6 => /lib/i686/libc.so.6 (0x4023a000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) [teg@halden teg]$ -- Trond Eivind Glomsrød Red Hat, Inc.