Reference to a security vulnerability

sforrest · March 7, 2008, 8:13pm

On the page (link below) there is reference to a possible security vulnerability if the default value for Root.ZipMode: were set to 0 in the .rootrc file. Where can I find additional information on this?

root.cern.ch/viewvc/branches/dev … hrev=20130
# Select the compression algorithm (0=old zlib, 1=new zlib)
# Note, setting this to `0’ may be a security vulnerability.
Root.ZipMode: 1

Stan Forrester

pcanal · March 13, 2008, 4:50pm

Hi,

see: secunia.com/advisories/15949/

For more Google “zlib cert”, it advices to update to 1.2.3 which we are using.

You can also search on zlib on the following link to turn up a description and example exploits:

nvd.nist.gov/nvd.cfm?advancedsearch

Cheers,
Philippe.

sforrest · March 13, 2008, 5:00pm

Thank you