Author Topic: Zlib flaw threatens MS code

MikeTrader

  • Guest
Zlib flaw threatens MS code
« on: January 14, 2008, 01:59:21 AM »
http://www.eweek.com/c/a/Security/Zlib-Security-Flaw-Exposes-Swath-of-Programs/

Quote
This time, the flaw is a buffer overflow in the decompression process. Because the program doesn't properly validate input data, it can be fed bad data, which can lead to a buffer overflow.

Ooops.


Quote
Symantec Corp. reports that AIX, Debian, FreeBSD, Gentoo, SuSE, Red Hat, Ubuntu and many other operating systems are affected.

Quote
"Mark Adler [a Zlib co-author] responded to my report with a patch and an in-depth investigation and explanation within 24 hours, and I believe he expects to release a new version of Zlib very soon."

http://news.zdnet.com/2100-3513_22-860428.html
Quote
Yet, the incident seemingly proves that Microsoft, despite dismissing open-source code publicly, has used software from others to create their own products.