| |
|
|
XFree86 Information for VU#368819
Vendor StatementXFree86 versions 4.0 through 4.2.0 include zlib version 1.0.8. XFree86 3.x includes zlib version 1.0.4. The zlib code included with XFree86 is only used on some platforms. This is determined by the setting of HasZlib in the imake config files in the xc/config/cf source directory. If HasZlib is set to YES in the platform's vendor.cf file(s), then the system-provided zlib is used instead of the XFree86-provided version. XFree86 uses the system-provided zlib by default only on the following platforms:FreeBSD 2.2 and later The zlib code in XFree86 has been fixed in the CVS repository (trunk and the xf-4_2-branch branch) as of 14 February 2002. A source patch for XFree86 4.2.0 will be available from ftp://ftp.xfree86.org/pub/XFree86/4.2.0/fixes/. The following XFree86 4.2.0 binary distributions provided by XFree86 include and use a vulnerable version of zlib:
Linux-ix86-glibc22 To check if an installation of XFree86 includes zlib, see if the following file exists:
Various vendors repackage and distribute XFree86, and may use settings and configurations different from those described here. Vendor InformationThe vendor has not provided us with any further information regarding this vulnerability.AddendumThe CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
 | |||||||||||||||||||
 |
||||||||||||||||||||||
