Zlib Security Flaw Could Cause Widespread Trouble

← Back to Stories (view on slashdot.org)

Zlib Security Flaw Could Cause Widespread Trouble

Posted by timothy on Sunday July 10, 2005 @12:40AM from the all-over-the-place dept.

BlueSharpieOfDoom writes "Whitedust has an interesting article posted about the new zlib buffer overflow. It affects countless software applications, even on Microsoft Windows. Some of the most affected application are those that are able to use the PNG graphic format, as zlib is wildely used in compression of PNG images. Zlib was also in the news in 2002 because of a flaw found in the way it handled memory allocation. The new hole could allow remote attackers to crash the vulnerable program or even the possiblity of executing arbitrary code."

9 of 372 comments (clear)

Min score:

Reason:

Sort:

fp by Anonymous Coward · 2005-07-10 00:45 · Score: -1, Troll

HH
LP by Anonymous Coward · 2005-07-10 01:00 · Score: -1, Troll

* last post *
Re:Modularised code will always have this problem. by Anonymous Coward · 2005-07-10 01:07 · Score: -1, Troll

"probably because you had the filthy guts of uttering the Forbidden Word 'Visual C++'"

What the hell? The Visual C++ IDE (Visual Studio) is superior to any OSS I've seen so far, including Eclipse and KDevelop and every other IDE I've tried so far for Linux. I don't see why Linux users and OSS fans continually blam a product that is better than the OSS equivelant.

Try using my paradigm, "Use what's best". Here's what I use on my development machine:

Windows XP SP2 (Not Linux)
Visual Studio .NET 2003 Professional [Visual C++ .NET 2003] (Not Eclipse)
IE SP2 (I go without tabs)
WMP10 (Not WinAmp)

And before you bitch at me for using IE SP2 and being an M$ fanboy, on my web server I have:

Red Hat Enterprise Linux
Apache 1.3
mySQL 3.0
The GNU Toolkit for compiling my server side apps.

So get over it, "Da Fokka", and all you other insecure OSS fanboys, too.

-- Kawahee
Golly Gee! by tripslash · 2005-07-10 01:21 · Score: -1, Troll

Even software running on Windows? OMG, I thought Windows was Teh Sh1t!

Anyway, I don't see how this is such a big deal. Just apply the patch.

Oh, that's right, it's Windows ... I guess it is a big deal (applying a patch, that is).
wd1ck by Anonymous Coward · 2005-07-10 01:23 · Score: -1, Troll

are inher3ntly Are you a NIIGER own agenda - give
Re:Modularised code will always have this problem. by Grey+Ninja · 2005-07-10 01:25 · Score: 0, Troll

Okay, you are just stupid. Not a MS fanboy. I mean, seriously, you are using some of the shittiest desktop apps, and your server is running absolutely ANCIENT software.
Re:Modularised code will always have this problem. by Anonymous Coward · 2005-07-10 01:43 · Score: -1, Troll

Wow a human generated crapflood gets a +5 Interesting on slashdot. That isn't a first.
islam by Anonymous Coward · 2005-07-10 03:02 · Score: -1, Troll

islam = hitler

firebomb all islam ^_^
I love when this happens by irc.goatse.cx+troll · 2005-07-10 04:23 · Score: -1, Troll

Nothing more fun than firing off a couple apt-get upgrades in the morning while watching your bsd/gentoo friends sit around rebuilding ~every package on their system. Whats this about gained speed?

--
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx