TechTarget

Security flaw found in Linux file compression library

A potential security vulnerability has been reported in the widely used zlib compression library found in Linux systems.

The flaw found in the library could allow an attacker to take root control of the machine. Mark Cox, senior director of engineering at Red Hat, said the flaw is "potentially a big deal" because the library is widely used. Zlib provides compression algorithms designed to speed up network file transfers.

No known exploits of the flaw have been reported so far, he said. Vendors have been researching the problem for the past month and have created fixes. But Cox warned users against complacency. "This is a significant vulnerability," he said. "People should update their systems even if there's no intrusions yet. It's a simple fix, available now."

Dave Wreski, director at Guardian Digital, an open source security company, said every Linux installation is potentially affected.

"An exploit will certainly be developed for this," Wreski said. "It's just too great a risk."

The patches, available at the zlib Web site and Red Hat among others, fix the error condition that can cause the double-free.
