ZLIB vulnerability
Anton Stiglic
astiglic@okiok.com
Fri Mar 15 17:51:01 2002
Hi all,
this has maybe already been discussed here, but I haven't seen any mention
of it on www.gnupg.org.
A colleague of mine pointed out to me that there is a security vulnerability
with zlib version < 1.1.4.
GnuPG 1.0.6 uses zlib version 1.1.3, so there is a security risk.
See
http://www.gzip.org/zlib/advisory-2002-03-11.txt
They suggested replacing older versions of zlib with zlib version 1.1.4,
I would suggest a new version of GnuPG that comes with zlib v 1.1.4.
--Anton