Security flaw detected in Linux; fix available

Early this week, a bug was discovered in a software compression library called zlib that is used by most Linux distributions. But a fix has also been released.

By Vijaya George. Published March 14, 2002

A flaw reported in most Linux distributions and open-source operating systems gave open-source advocates yet another opportunity to prove how well their “free” system worked. Early this week, an engineer at Red Hat chanced upon a bug in a software compression library called zlib, used by most Linux distributions, and there were concerns that it would make systems vulnerable to attack from crackers. However, a fix also became immediately available from Red Hat.

“Normally, in an open source community any bug that is identified doesn’t cause any panic because a fix is immediately released,” assured GSC Prabhakar, CEO of GoldenSun Internet and Consulting Research.

Known as a "double-free vulnerability," the software bug causes programmes that use zlib to behave unpredictably when a malicious programme tries to free memory more than once. Programmes free the same memory repeatedly only by accident or when forced to by an outside party. “However, there have been no reports of any user’s security being compromised,” clarified Yahya Kassab, business development manager, Red Hat Middle East.
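
The double-free pattern described above, as an added C example that is not zlib's code or Red Hat's fix: a hypothetical decoder's error path releases a buffer that the final cleanup then releases again, shown next to the hardened form that clears the pointer. The `stream` struct, the function names and the tracking allocator are assumptions made for illustration; the allocator quarantines blocks so the repeat release is counted rather than executed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Header in front of each tracked block (constructed for this example). */
union hdr { int freed; max_align_t align; };
static int double_frees;              /* repeat releases detected so far */

static void *tracked_alloc(size_t n) {
    union hdr *h = malloc(sizeof *h + n);
    if (h) h->freed = 0;
    return h ? h + 1 : NULL;
}

/* Marks the block released but keeps it quarantined (never handed back to the
   heap in this demo), so a second release is detected by reading valid memory. */
static void tracked_free(void *p) {
    if (!p) return;                   /* like free(NULL): nothing to do */
    union hdr *h = (union hdr *)p - 1;
    if (h->freed) { double_frees++; return; }
    h->freed = 1;
}

struct stream { unsigned char *window; };   /* hypothetical decoder state */

/* Error path of the hypothetical decoder: the input is rejected and the window
   released. The flawed form leaves s->window dangling; the hardened form
   clears it so later cleanup sees NULL. */
static int decode_reject(struct stream *s, int hardened) {
    s->window = tracked_alloc(32);
    tracked_free(s->window);
    if (hardened) s->window = NULL;
    return -1;
}

/* Final cleanup, run by the caller regardless of how decoding ended. */
static void stream_end(struct stream *s) {
    tracked_free(s->window);
    s->window = NULL;
}

/* Runs the error path plus cleanup; returns the repeat releases observed. */
static int run(int hardened) {
    struct stream s = {0};
    double_frees = 0;
    decode_reject(&s, hardened);
    stream_end(&s);
    return double_frees;
}

int main(void) {
    printf("flawed: %d repeat release(s), hardened: %d\n", run(0), run(1));
    return 0;
}
```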
