
Zlib Security Flaw Exposes Swath of Programs

Filed under: Security

A serious security flaw has been identified in Zlib, a widely used data compression library. Fixes have begun to appear, but a large number of programs could be affected.

Zlib is a data compression library that is used by many third-party programs and is distributed with many operating systems, including many Linux and BSD distributions.

Microsoft Corp. and other proprietary software companies also use the library in many programs. These companies can do so because Zlib is licensed under a liberal BSD-style license.

This isn't the first time that the popular Zlib has been the center of a security concern. In 2002, a problem with how it handled memory allocation became a major concern.

This time, the flaw is a buffer overflow in the decompression process. Because the program doesn't properly validate input data, it can be fed bad data, which can lead to a buffer overflow.

This, in turn, means that if a user opens a file containing specially malformed compressed data with a Zlib-enabled application, such as a Web browser or data compression tool, an attacker could execute arbitrary code as that user. If the user were running as a system administrator, the attacker's code would run at that privilege level as well.

Since Zlib is so ubiquitous, this represents a serious security concern.

It's not clear how many programs are affected, but some operating system distributions are widely exposed. According to one source, numerous key packages in the Fedora Core 3 distribution use Zlib. Symantec Corp. reports that AIX, Debian, FreeBSD, Gentoo, SuSE, Red Hat, Ubuntu and many other operating systems are affected.
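As an added illustration (not code from the article or from the zlib project), the following Python shows the checks an application should apply on its own side when it decompresses untrusted input: malformed or truncated streams are rejected and the decompressed size is capped. These checks do not repair the overflow inside the library itself, which only an updated Zlib fixes; the sample streams are constructed here.

```python
import zlib
from typing import Optional

# Constructed sample input (not from the article): a valid zlib stream and a copy
# with one byte corrupted in the deflate data so the stream no longer decodes.
GOOD = zlib.compress(b"hello zlib " * 100)
BAD = GOOD[:10] + bytes([GOOD[10] ^ 0xFF]) + GOOD[11:]

MAX_OUT = 64 * 1024  # most decompressed bytes this consumer is willing to produce


def safe_inflate(data: bytes, max_out: int = MAX_OUT) -> Optional[bytes]:
    """Decompress untrusted zlib data with a hard output cap.

    Returns the plaintext, or None if the stream is malformed, truncated,
    or would expand beyond max_out bytes.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    try:
        while not d.eof:
            # Ask for one byte more than the remaining budget: if zlib can
            # deliver it, the stream is over the cap and is rejected.
            chunk = d.decompress(pending, max_out - len(out) + 1)
            out += chunk
            if len(out) > max_out:
                return None  # decompression bomb or oversized payload
            pending = d.unconsumed_tail
            if not chunk and not pending:
                return None  # input exhausted without an end-of-stream marker
    except zlib.error:
        return None  # invalid deflate data or failed Adler-32 check
    return bytes(out)


if __name__ == "__main__":
    print("good:", safe_inflate(GOOD) is not None)
    print("corrupt:", safe_inflate(BAD))
    print("truncated:", safe_inflate(GOOD[:-5]))
    print("oversized:", safe_inflate(zlib.compress(b"\0" * 1_000_000)))
```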


UPDATE: Linux vendors pump out highly critical patch.
