[ircd-ratbox] zlib advisory

Lee H lee at leeh.co.uk
Sun Jul 10 23:13:43 UTC 2005


Hey,

There has been a buffer overflow found in zlib:
http://secunia.com/advisories/15949/

This affects ircd, which uses zlib for compression between servers.
Vulnerability is limited to other servers that can link to your own
and introduce themselves to the network, when they have compression
enabled.

If your ircd is built 'normally', upgrading zlib will be sufficient.
If your ircd is built statically, you will need to recompile servlink 
too.  

A workaround is simply disabling compression to all servers.

Note any existing compressed links will still be using the old library, 
so for complete protection these servers should be reconnected.

-- 
-                 Lee H // anfl
-        I code, therefore I break things.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ratbox.org/pipermail/ircd-ratbox/attachments/20050711/b88ce024/attachment.pgp


More information about the ircd-ratbox mailing list