Re: Zlib vulnerability heads-up.

Trond Eivind Glomsrød <teg@redhat.com>

From: teg@redhat.com (Trond Eivind Glomsrød )
To: Jan Wieck <janwieck@yahoo.com>
Cc: Lamar Owen <lamar.owen@wgcr.org>, pgsql-hackers@postgresql.org
Date: 2002-03-12T23:30:42Z
Lists: pgsql-hackers, pgsql-general
Jan Wieck <janwieck@yahoo.com> writes:

> Lamar Owen wrote:
> > On Tuesday 12 March 2002 11:34 am, Jan Wieck wrote:
> > > Lamar Owen wrote:
> > > [Charset iso-8859-15 unsupported, filtering to ASCII...]
> > > > As PostgreSQL uses the zlib library (for TOAST?), this is a headsup that
> > > > a bug has been found in the zlib library that could  cause data
> > > > corruption or a security breach.
> >
> > >     PostgreSQL  does  not  use  the  zlib  library for toast. The
> > >     algorithm used in toast is based on Adisak Pochanayon's  SLZ.
> >
> > Good.  I think.
> >
> > But what _does_ use zlib in PostgreSQL?
> 
>     On a quick search I can only see pg_backup using it.

I see many more, including the postmaster:

[teg@halden teg]$ ldd /usr/bin/postmaster 
	libssl.so.2 => /lib/libssl.so.2 (0x4002e000)
	libcrypto.so.2 => /lib/libcrypto.so.2 (0x4005c000)
	libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x4011f000)
	libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x40176000)
	libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x40186000)
	libz.so.1 => /usr/lib/libz.so.1 (0x40188000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x40196000)
	libresolv.so.2 => /lib/libresolv.so.2 (0x401c4000)
	libnsl.so.1 => /lib/libnsl.so.1 (0x401d5000)
	libdl.so.2 => /lib/libdl.so.2 (0x401ea000)
	libm.so.6 => /lib/i686/libm.so.6 (0x401ed000)
	libreadline.so.4 => /usr/lib/libreadline.so.4 (0x4020f000)
	libtermcap.so.2 => /lib/libtermcap.so.2 (0x40235000)
	libc.so.6 => /lib/i686/libc.so.6 (0x4023a000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
[teg@halden teg]$ 


-- 
Trond Eivind Glomsrød
Red Hat, Inc.