Home > mailing lists

Re: Zlib vulnerability heads-up. - Mailing list pgsql-hackers

From	teg@redhat.com (Trond Eivind Glomsrød)
Subject	Re: Zlib vulnerability heads-up.
Date	March 12, 2002 14:24:24
Msg-id	xuyk7sh3gb9.fsf@halden.devel.redhat.com Whole thread Raw
In response to	Zlib vulnerability heads-up. (Lamar Owen <lamar.owen@wgcr.org>)
Responses	Re: Zlib vulnerability heads-up. (Lamar Owen <lamar.owen@wgcr.org>)
List	pgsql-hackers

Tree view

Lamar Owen <lamar.owen@wgcr.org> writes:

> As PostgreSQL uses the zlib library (for TOAST?), this is a headsup that a 
> bug has been found in the zlib library that could  cause data corruption or a 
> security breach.
> 
> See http://www.gzip.org/zlib/advisory-2002-03-11.txt for more details.
> 
> Updating zlib is strongly recommended by many sources, and a patch is 
> available.
> 
> I have only posted this to HACKERS; if a cross-post to GENERAL or ADMIN is 
> useful, that can be arranged.

FWIW, I really doubt this is much of a problem for postgresql. It's
mainly a problem for applications dealing with untrusted, compressed
data (webbrowsers, imageviewers, programs with skins downloaded from
the Internet) etc. 

-- 
Trond Eivind Glomsrød
Red Hat, Inc.

pgsql-hackers by date:

From: "Zeugswetter Andreas SB SD"
Date: 12 March 2002, 14:24:18
Subject: Re: Adding qualification conditions to EXPLAIN output

From: "Luis Alberto Amigo Navarro"
Date: 12 March 2002, 14:31:57
Subject: bad performance on SMP

Re: Zlib vulnerability heads-up. - Mailing list pgsql-hackers

Previous

Next