Security flaw could affect all Linux systems

A buffer overflow in a library common to most Linux systems could cause a serious security hole that allows those systems to be remotely attacked and taken over, according to a security alert issued by Linux security firm Guardian Digital Inc.

The CERT Coordination Center (CERT/CC), a federally funded computer security group based at Pittsburgh’s Carnegie Mellon University, also issued an advisory on the vulnerability Tuesday.

The flaw is in a component called zlib, which is used for file decompression in programs such as the GNU Compiler Collection development environment, the Mozilla Web browser and the X11 system which is used by some Linux installations to draw windows, according to the alert from the Upper Saddle River, N.J., s-based firm.

A buffer overflow results when the amount of memory assigned to a program or task is overrun, often allowing an attacker to execute code. In this case, programs that use the zlib component for network compression are vulnerable to attack due to the flaw, Guardian Digital said.

While it is not clear whether the hole can be easily exploited, CERT/CC issued its alert as a preventative measure due to zlib’s wide distribution.

The hole is even more serious because many programs link to zlib and thereby inherit the same vulnerability, the alert said. Because of this, many different software packages will have to be updated or patched to fix the vulnerability, according to Guardian Digital.

No exploit is currently known to exist for the vulnerability, the company said.

Users should consult Linux operating system vendors for patches or fixes. CERT/CC also advised users to upgrade their version of zlib. New versions of the component can be found at http://www.gzip.org/zlib/

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now