From owner-freebsd-security  Tue Mar 19 23:36:54 2002
Delivered-To: freebsd-security@freebsd.org
Received: from atlantis.dp.ua (atlantis.dp.ua [193.108.46.1])
	by hub.freebsd.org (Postfix) with ESMTP id B66D337B400
	for <freebsd-security@freebsd.org>; Tue, 19 Mar 2002 23:36:48 -0800 (PST)
Received: from localhost (dmitry@localhost)
	by atlantis.dp.ua (8.11.1/8.11.1) with ESMTP id g2K7aiu24760
	for <freebsd-security@freebsd.org>; Wed, 20 Mar 2002 09:36:45 +0200 (EET)
	(envelope-from dmitry@atlantis.dp.ua)
Newsgroups: lucky.freebsd.security
Date: Tue, 19 Mar 2002 23:16:59 +0200
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Subject: HEADS UP: FreeBSD-SA-02:18.zlib vs kern/35969
In-Reply-To: <200203181500.g2IF04C32485@freefall.freebsd.org.lucky.freebsd.security>
Message-ID: <Pine.BSF.4.31.0203192307200.33201-100000@atlantis.dp.ua>
References: <200203181500.g2IF04C32485@freefall.freebsd.org.lucky.freebsd.security>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hello!

  Heads up! The fix given with this advisory seems to be buggy, at least in
kernel part (sys/net/zlib.c, see kern/35969). Now, while PR is still open,
what would be wise: use patched or non-patched kernel? Patched one could panic
with PPP_DEFLATE - what could be done with non-patched one by hackers?
Also, has fix for lib/libz/infblock.c been verified for correctness?


Sincerely, Dmitry

Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message