Security flaw found in Linux file compression library

A potential security vulnerability has been reported in the widely used zlib compression library found in Linux systems.

The flaw could allow an attacker to take root control of the machine. Mark Cox, senior director of engineering at Red Hat, said the flaw is "potentially a big deal" because the library is widely used. Zlib provides compression algorithms designed to speed up network file transfers.

No known exploits of the flaw have been reported so far, he said. Vendors have been researching the problem for the past month and have created fixes. But Cox warned users against complacency. "This is a significant vulnerability," he said. "People should update their systems even if there's no intrusions yet. It's a simple fix, available now."

Dave Wreski, director at Guardian Digital, an open source security company, said every Linux installation is potentially affected.

"An exploit will certainly be developed for this," Wreski said. "It's just too great a risk."

The patches, available at the zlib Web site and Red Hat among others, fix the error condition that can cause the double-free.
