Wireshark · Ethereal-dev: [Ethereal-dev] zlib version upgrade

Ethereal-dev: [Ethereal-dev] zlib version upgrade - security issue

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Andrew Hood <ajhood@xxxxxxxxx>

Date: Sun, 24 Jul 2005 22:21:20 +1000

Please update the version being used in the build.

http://www.zlib.net/

Version 1.2.3 eliminates potential security vulnerabilities in zlib
1.2.1 and 1.2.2, so all users of those versions should upgrade
immediately. The following important fixes are provided in zlib 1.2.3
over 1.2.1 and 1.2.2:

    * Eliminate a potential security vulnerability when decoding invalid
compressed data
    * Eliminate a potential security vulnerability when decoding
specially crafted compressed data
    * Fix a bug when decompressing dynamic blocks with no distance codes
    * Fix crc check bug in gzread() after gzungetc()
    * Do not return an error when using gzread() on an empty file


-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who

Follow-Ups:
- Re: [Ethereal-dev] zlib version upgrade - security issue
  - From: Ulf Lamping

Prev by Date: Re: [Ethereal-dev] Win32 NSIS: calling old Ethereal uninstaller (if existing) before installing new Ethereal version?
Next by Date: [Ethereal-dev] resubmit patch for packet-slowprotocols.c
Previous by thread: Re: [Ethereal-dev] PATCH: packet-ieee80211.c
Next by thread: Re: [Ethereal-dev] zlib version upgrade - security issue
Index(es):
- Date
- Thread