Security flaw found in Linux file compression library



A potential security vulnerability has been reported in the widely used zlib compression library found in Linux systems.

The flaw found in the library could allow an attacker to take root control of the machine. Mark Cox, senior director of engineering at Red Hat, said the flaw is "potentially a big deal" because the library is widely used. Zlib provides compression algorithms designed to speed up network file transfers.

No known exploits of the flaw have been reported so far, he said. Vendors have been researching the problem for the past month and have created fixes. But Cox warned users against complacency. "This is a significant vulnerability," he said. "People should update their systems even if there's no intrusions yet. It's a simple fix, available now."

Dave Wreski, director at Guardian Digital, an open source security company, said every Linux installation is potentially affected.

"An exploit will certainly be developed for this," Wreski said. "It's just too great a risk."

The patches, available at the zlib Web site and Red Hat among others, fix the error condition that can cause the double-free.
