| From: | teg(at)redhat(dot)com (Trond Eivind =?iso-8859-1?q?Glomsr=F8d?=) |
|---|---|
| To: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Zlib vulnerability heads-up. |
| Date: | 2002-03-12 16:24:10 |
| Message-ID: | xuyk7sh3gb9.fsf@halden.devel.redhat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> As PostgreSQL uses the zlib library (for TOAST?), this is a headsup that a
> bug has been found in the zlib library that could cause data corruption or a
> security breach.
>
> See http://www.gzip.org/zlib/advisory-2002-03-11.txt for more details.
>
> Updating zlib is strongly recommended by many sources, and a patch is
> available.
>
> I have only posted this to HACKERS; if a cross-post to GENERAL or ADMIN is
> useful, that can be arranged.
FWIW, I really doubt this is much of a problem for postgresql. It's
mainly a problem for applications dealing with untrusted, compressed
data (webbrowsers, imageviewers, programs with skins downloaded from
the Internet) etc.
--
Trond Eivind Glomsrød
Red Hat, Inc.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Wieck | 2002-03-12 16:34:13 | Re: Zlib vulnerability heads-up. |
| Previous Message | Lamar Owen | 2002-03-12 16:05:24 | Zlib vulnerability heads-up. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Luis Alberto Amigo Navarro | 2002-03-12 16:34:03 | bad performance on SMP |
| Previous Message | Zeugswetter Andreas SB SD | 2002-03-12 16:23:09 | Re: Adding qualification conditions to EXPLAIN output |