Togan Muftuoglu
After the SuSE tandem announcement regarding zlib vuln. I have noticed that some other distros are also providing updates for ppp, XFree86 . I do not think I have seen these in the announcement. Does that mean those SuSE rpm's are not vulnerable for the zlib vul or yet more to come in the coming days is what I should read ?
Just guessing: Maybe these packages are dynamically linked against the
system libz. Then the following paragraph from the announcement would
apply:
| The packages affected by the double-free() libz bug can be devided into
| two categories:
|
| 1) packages that link dynamically against the system-provided
| compression library. These packages get fixed automatically with
| the update of the libz package as described in SuSE-SA:2002:010.
| Please note that the processes will continue to use the old
| version of the libz.so shared library if the have not been
| restarted after the libz package upgrade.
--
Rolf Krahl