upgrade to Compress-Zlib-1.34 recommended

Jeff A. Earickson jaearick at COLBY.EDU
Mon Jan 31 16:42:12 GMT 2005


Gang,

I've been keeping my eye out for this one...  A new version
of Compress-Zlib has been released at CPAN.  Version 1.33 used
zlib 1.1.4.  Version 1.34 of Compress-Zlib uses zlib 1.2.2.
Version 1.2.1 had a security vulnerability that 1.2.2 repaired
(I don't know if this vulnerability was in 1.1.4).

For more info, see:

http://www.zlib.net
http://archives.neohapsis.com/archives/bugtraq/2004-08/0370.html
http://search.cpan.org/~pmqs/Compress-Zlib-1.34/

I would urge you to (a) upgrade zlib, (b) upgrade Compress-Zlib
perl module, (c) make sure that OpenSSH is using zlib 1.2.2
(offtopic to MailScanner, but good security).

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list