From owner-freebsd-questions Mon Mar 11 23:52:19 2002
Message-ID: <3C8DB005.9141D2C@phonax.com>
Date: Tue, 12 Mar 2002 08:36:38 +0100
From: Raymond Doetjes
To: freebsd-questions@FreeBSD.ORG
Subject: zLib 1.1.3 bug also applicable in FreeBSD?

L.S:

I don't know whether you have heard it from the Linux distros, but zlib has a potential exploit due to the fact that alloced memory can be freed twice.
zlib is commonly used in all kinds of compress tools, zlib-1.1.3 is also used on FreeBSD and undoubtedly the bug is in here as well.

Are there security advisories available and updated ports that link to 1.1.4 instead of 1.1.3?
Does the FreeBSD ports collection only do a dynamic link to zlib or also static?

Raymond

-- 
Unix Solutions http://www.phonax.com    mailto:rdoetjes@phonax.com

             Unix is not "just" an Operating System 
                       Unix is a way of life

phone: (+)31 (0)30 6061361
mobile: (+)31 (0)6 11437280