1 Reply Latest reply on Jul 13, 2005 5:06 PM by Sean Daley

    libblzlib version

      While reading about the zlib 1.2.2 buffer overflow vulnerability recently I thought I'd check on the version included with the rscd. Based on a strings output of the library it appears to be version 1.1.4 on my 6.2.3 and 6.3 installations. While this version is not vulnerable to the buffer overflow it is significantly slower that the 1.2 branch.


      Pending a patch release for the zlib 1.2 branch, are there any plans to incorporate the zlib 1.2 performance improvements into the BL software? Just curious...

        • 1. Re: libblzlib version

          At this point and time no. There are only really two places where BladeLogic uses this zlib library. One is with the gzip command that comes with the Network Shell and the other is when compression is turned on with the agent. Since turning compression on with the agent is not very useful when tls is enabled, there hasn't been too much of a push to upgrade this particular library.