Contributed by grey on from the prompt patch posting dept.
Looks like you can crash applications through zlib again, and OpenBSD has promptly released an applicable patch. The vulnerability is caused by insufficient error handling in the functions "inflate()" and "inflateBack()". The 3.5 patch is here: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch.
Of course, be sure to check http://www.openbsd.org/errata.html for additional details. The word from Brad Smith is that 3.4 is unaffected.