Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 31 Jan 2005 01:47:41 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Mark" <admin@asarian-host.net>, "'FreeBSD-Questions Questions'" <freebsd-questions@freebsd.org>
Subject:   RE: 1st security warning: "installed zlib version maycontainasecurity bug"
Message-ID:  <LOBBIFDAGNMAMLGJJCKNIEDDFAAA.tedm@toybox.placo.com>
In-Reply-To: <200501310428.j0V4S2bK052033@asarian-host.net>
next in thread | previous in thread | raw e-mail | index | archive | help 


> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mark
> Sent: Sunday, January 30, 2005 8:28 PM
> To: 'FreeBSD-Questions Questions'
> Subject: RE: 1st security warning: "installed zlib version
> maycontainasecurity bug"
> 
> 
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org 
> > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Ted 
> > Mittelstaedt
> > Sent: maandag 31 januari 2005 1:40
> > To: Lowell Gilbert; Timothy Luoma
> > Cc: FreeBSD-Questions Questions
> > Subject: RE: 1st security warning: "installed zlib version 
> > may containasecurity bug"
> > 
> > zlib is part of the base OS it should be at version 1.2.2 in
> > FreeBSD 4.11R, since version 1.2.2 was released in October
> > 2004.
> 
> Ok, now you got me worried. How do I check my current version?

man zlib

> I am on FreeBSD 4.10R, with the all the latest security patches.
> Or so I thought.
> 
> > Keep in mind that this WILL NOT fix the zlib security hole in
> > the system. zlib is probably linked into a number of utilities
> > on your system and a proper fix would be to replace the zlib
> > library, and recompile all the utilities in the system that
> > are linked into the static library.
> 
> If there is a security hole, how come there is no advisory on the
> FreeBSD site? Or is there a place I did not look?
> 

there isn't one, because the CERT advisory only listed 1.2.x

you didn't read my second e-mail, obviously.

Ted

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNIEDDFAAA.tedm>