Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

zlib security vulnerability ?

Discussion in 'Security' started by IRCBrasil, Nov 16, 2005.

  1. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    Hi, i was doing the cpanel update, when i saw this message:

    zlib version checking disabled. zlib versions <= 1.2.1 have a know security vulnerability
    See http://www.zlib.net/ for more information

    So, i did it:

    oot@matrix [/home/pousada/www]# rpm -qa |grep zlib
    zlib-1.1.4-8.1
    zlib-devel-1.1.4-8.1
    root@matrix [/home/pousada/www]#

    Well, if cpanel and/or up2date -u dont update zlib, can i do it by myself, or the cpanel must use the 1.1.4-8.1?

    Thanks people!
     
    #1 IRCBrasil, Nov 16, 2005
  2. PanelGuy

    PanelGuy Well-Known Member

    Joined:
    Oct 13, 2004
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    166
    ZLib and Fedora Core 4

    That's nice. They list Fedora Core 4 as effected, but only provide updates for Fedora core 3.
     
    #2 PanelGuy, Nov 16, 2005
  3. abubin

    abubin Well-Known Member

    Joined:
    Dec 7, 2004
    Messages:
    402
    Likes Received:
    3
    Trophy Points:
    168
    that's strange, my fc4 is using zlib-1.2.2.2-5.fc4. Though that is not my cpanel machine, I update only using yum.

    But yes, it's better to comfirm with cpanel on version compatibility before doing manual upgrades.

    And my Cpanel RHEL3 is still running zlib-1.1.4-8.1.
     
    #3 abubin, Nov 16, 2005
    Last edited: Nov 16, 2005
  4. IRCBrasil

    IRCBrasil Well-Known Member

    Joined:
    Jul 22, 2004
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    156
    yeh... my box is RHEL3 too.. i think i will wait more before update zlib, maybe 1.2 dont work.
     
    #4 IRCBrasil, Nov 16, 2005
  5. PanelGuy

    PanelGuy Well-Known Member

    Joined:
    Oct 13, 2004
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    166
    According to the documentation, anything over 1.2.1 has the bug. So why is there a patch for Fedora 3 from Red Hat, but they ignore FC4, even thought they confirm the problem in FC4 too.
     
    #5 PanelGuy, Nov 16, 2005
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Remember a few things:

    1. RedHat backport security fixes into their code, so looking at the rpm version will give you no idea as to whether it's vulnerable or not, you would have to go through their errata pages.

    2. Fedora is a development OS is likely to have the latest version of most applications, as you exchanging stability for bleeding edge features. Fedora is also community supported, really, and isn't part of RedHat's support system anymore (though they use their resources and a lot of the developers work on Fedora too).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 chirpy, Nov 17, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - zlib security vulnerability
  1. WebHostPro

    Can you disable zlib.output_compression for one account?

    WebHostPro, Oct 22, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    166
    cPanelLauren
    Oct 25, 2018
  2. Hedloff

    Compress old maildir emails with Zlib

    Hedloff, Jun 18, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    134
    cPanelMichael
    Jun 19, 2018
  3. ijsaul

    SOLVED Issues Enabling zlib For W3 Total Cache

    ijsaul, Apr 7, 2017, in forum: Workarounds and Optimization
    Replies:
    6
    Views:
    2,640
    Mostafa Hussein
    Jun 13, 2017
  4. cPanelBenny

    EasyApache 4 2018-12-11 Security Release

    cPanelBenny, Dec 11, 2018 at 2:30 PM, in forum: cPanel Announcements
    Replies:
    0
    Views:
    67
    cPanelBenny
    Dec 11, 2018 at 2:30 PM
  5. kamranonline

    curl error on OWASP ModSecurity Core Rule Set V3.0 installation

    kamranonline, Dec 10, 2018 at 5:57 AM, in forum: Security
    Replies:
    1
    Views:
    93
    cPanelLauren
    Dec 12, 2018 at 12:55 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice