Skip site navigation (1)Skip section navigation (2) 
Date:      12 Mar 2002 03:00:56 -0500
From:      Joe Clarke <marcus@marcuscom.com>
To:        Raymond Doetjes <rdoetjes@phonax.com>
Cc:        FreeBSD User Questions List <freebsd-questions@freebsd.org>
Subject:   Re: zLib 1.1.3 bug also applicable in FreeBSD?
Message-ID:  <1015920056.90885.1.camel@shumai.marcuscom.com>
In-Reply-To: <3C8DB005.9141D2C@phonax.com>
References:  <3C8DB005.9141D2C@phonax.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--=-OrUyNnjQ6Poc2Cb+EdSa
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-03-12 at 02:36, Raymond Doetjes wrote:
> L.S:
>=20
> I don't know whether you have heard it from the Linux distro's but zlib
> has a potential exploit due to the fact that alloced memory can be freed
> twice.
> zlib is commonly used in al kinds of compress tools, zlib-1.1.3 is also
> used on FreeBSD and undoubtedly the bug is in here aswell.
>=20
> Are there security advisories available and updated ports that link to
> 1.1.4 instead of 1.1.3?
> Does FreeBSD ports collection only do a dynamic link to zlib or also
> static?

This has been discussed throughout the day.  The last I heard was that
the malloc() used by FreeBSD (phk's malloc) is not vulnerable to this
problem.  However, checking the archives of freebsd-ports and
freebsd-stable will get you up-to-date.

Joe

>=20
> Raymond
>=20
> --
> Unix Solutions http://www.phonax.com    mailto:rdoetjes@phonax.com
>=20
>              Unix is not "just" an Operating System
>                        Unix is a way of life
>=20
> phone: (+)31 (0)30 6061361
> mobile: (+)31 (0)6 11437280
>=20
>=20


--=-OrUyNnjQ6Poc2Cb+EdSa
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEABECAAYFAjyNtbcACgkQb2iPiv4Uz4dAbwCeP50TOaLVBxXAtTcSzF2mnNtC
X2kAnRFBa7AXHnlqx5p3dr/fBJtHBvr1
=quCV
-----END PGP SIGNATURE-----

--=-OrUyNnjQ6Poc2Cb+EdSa--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1015920056.90885.1.camel>