Some of you may have heard news about the "double free" bug in the zlib libraries that many Linux programs use:
http://www.kb.cert.org/vuls/id/368819 http://www.redhat.com/support/errata/RHSA-2002-026.html There is a quote on the Redhat errata page that got me thinking: "Additionally, if you have any programs that you have compiled yourself, you should check to see if they use zlib. If they link to the shared zlib library then they will not be vulnerable once the shared zlib library is updated to the errata package. However, if any programs that decompress arbitrary data statically link to zlib or use their own version of the zlib code internally, then they need to be patched or recompiled. " I remember having to compile PHP 4.1.2 using "--with-zlib"....but I don't know enough about it to say whether or not PHP statically links to the zlib or dynamically... Does anyone here know? After I patch the zlib libraries should I recompile PHP? Thanks in advance... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
