Security flaw detected in Linux; fix available
Early this week, a bug was discovered in a software compression library called zlib that is used by most Linux distributions. But a fix has also been released.
A flaw reported in most Linux distributions and open-source operating systems gave open-source advocates yet another opportunity to prove how well their “free” system worked. Early this week, an engineer at Red Hat chanced upon a bug on a software compression library called zlib, used by most Linux distributions, and there were concerns that it would make systems vulnerable to attack from crackers. However, a fix also became immediately available from Red Hat.
“Normally, in an open source community any bug that is identified doesn’t cause any panic because a fix is immediately released,” assured GSC Prabhakar, CEO of GoldenSun Internet and Consulting Research.
Known as a "double-free vulnerability," the software bug causes programmes that use zlib to behave unpredictably when a malicious programme tries to free memory more than once. Programmes do not try to free memory repeatedly except by accident or unless forced by an outside party. “However, there have been no reports of any user’s security being compromised,” clarified Yahya Kassab, business development manager, Red Hat Middle East.