From owner-freebsd-questions Tue Mar 12 7:50:46 2002 Delivered-To: freebsd-questions@freebsd.org Received: from dc-mx08.cluster1.charter.net (dc-mx08.cluster0.hsacorp.net [209.225.8.18]) by hub.freebsd.org (Postfix) with ESMTP id 5CC1F37B77F for ; Tue, 12 Mar 2002 07:50:29 -0800 (PST) Received: from fly.homeunix.org ([66.169.158.130] verified) by dc-mx08.cluster1.charter.net (CommuniGate Pro SMTP 3.5.3) with ESMTP id 21173446 for questions@freebsd.org; Tue, 12 Mar 2002 10:48:24 -0500 Received: by fly.homeunix.org (Postfix, from userid 1001) id 7FB2B5CCE; Tue, 12 Mar 2002 09:49:05 -0600 (CST) Date: Tue, 12 Mar 2002 09:49:05 -0600 From: Bob Bomar To: questions@freebsd.org Subject: Re: zLib 1.1.3 bug also applicable in FreeBSD? Message-ID: <20020312094905.C33915@fly.homeunix.org> References: <3C8DB005.9141D2C@phonax.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="zCKi3GIZzVBPywwA" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C8DB005.9141D2C@phonax.com>; from rdoetjes@phonax.com on Tue, Mar 12, 2002 at 08:36:38AM +0100 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --zCKi3GIZzVBPywwA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 12, 2002 at 08:36:38AM +0100, Raymond Doetjes wrote: > L.S: >=20 > I don't know whether you have heard it from the Linux distro's but zlib > has a potential exploit due to the fact that alloced memory can be freed > twice. > zlib is commonly used in al kinds of compress tools, zlib-1.1.3 is also > used on FreeBSD and undoubtedly the bug is in here aswell. >=20 > Are there security advisories available and updated ports that link to > 1.1.4 instead of 1.1.3? > Does FreeBSD ports collection only do a dynamic link to zlib or also > static? >=20 > Raymond >=20 > -- > Unix Solutions http://www.phonax.com mailto:rdoetjes@phonax.com >=20 > Unix is not "just" an Operating System > Unix is a way of life >=20 > phone: (+)31 (0)30 6061361 > mobile: (+)31 (0)6 11437280 >=20 >=20 http://docs.freebsd.org/cgi/getmsg.cgi?fetch=3D50881+0+current/freebsd-secu= rity Doesnt affect FreeBSD --=20 |------------------------------------| | Bob Bomar | | rbbomar@fly.homeunix.org | | http://fly.homeunix.org/~bob | |=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D| | FreeBSD: The Power to Serve | | http://www.FreeBSD.org | |------------------------------------| --zCKi3GIZzVBPywwA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8jiNxgRE7A1Lz3hQRAjkXAJ9b+zJHlmoEfiWTVhW98xIPDEkQxwCfRwSy GZoIyvXCUBKLZGBzkUG7m+Y= =yY8M -----END PGP SIGNATURE----- --zCKi3GIZzVBPywwA-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message