Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Mar 2002 09:49:05 -0600
From:      Bob Bomar <rbbomar@fly.homeunix.org>
To:        questions@freebsd.org
Subject:   Re: zLib 1.1.3 bug also applicable in FreeBSD?
Message-ID:  <20020312094905.C33915@fly.homeunix.org>
In-Reply-To: <3C8DB005.9141D2C@phonax.com>; from rdoetjes@phonax.com on Tue, Mar 12, 2002 at 08:36:38AM %2B0100
References:  <3C8DB005.9141D2C@phonax.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--zCKi3GIZzVBPywwA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 12, 2002 at 08:36:38AM +0100, Raymond Doetjes wrote:
> L.S:
>=20
> I don't know whether you have heard it from the Linux distro's but zlib
> has a potential exploit due to the fact that alloced memory can be freed
> twice.
> zlib is commonly used in al kinds of compress tools, zlib-1.1.3 is also
> used on FreeBSD and undoubtedly the bug is in here aswell.
>=20
> Are there security advisories available and updated ports that link to
> 1.1.4 instead of 1.1.3?
> Does FreeBSD ports collection only do a dynamic link to zlib or also
> static?
>=20
> Raymond
>=20
> --
> Unix Solutions http://www.phonax.com    mailto:rdoetjes@phonax.com
>=20
>              Unix is not "just" an Operating System
>                        Unix is a way of life
>=20
> phone: (+)31 (0)30 6061361
> mobile: (+)31 (0)6 11437280
>=20
>=20

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=3D50881+0+current/freebsd-secu=
rity

Doesnt affect FreeBSD

--=20
|------------------------------------|
| Bob Bomar                          |
| rbbomar@fly.homeunix.org           |
| http://fly.homeunix.org/~bob       |
|=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D|
| FreeBSD: The Power to Serve        |
| http://www.FreeBSD.org             |
|------------------------------------|

--zCKi3GIZzVBPywwA
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8jiNxgRE7A1Lz3hQRAjkXAJ9b+zJHlmoEfiWTVhW98xIPDEkQxwCfRwSy
GZoIyvXCUBKLZGBzkUG7m+Y=
=yY8M
-----END PGP SIGNATURE-----

--zCKi3GIZzVBPywwA--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312094905.C33915>