Date:      Tue, 12 Mar 2002 10:29:06 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        "Brian F. Feldman" <green@FreeBSD.ORG>, "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
Cc:        freebsd-security@FreeBSD.ORG, jedgar@FreeBSD.ORG
Subject:   Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?) 
Message-ID:  <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca>
In-Reply-To: <200203121511.g2CFB3U10275@green.bikeshed.org>
References:  <Your message of "Tue, 12 Mar 2002 08:53:37 CST." <20020312145337.GB35955@madman.nectar.cc>


Hi,
Although it sounds like the bug is not exploitable on FreeBSD, is there a 
potential for a Denial of Service still with systems prior to the Feb 22 
commit?

         ---Mike

At 10:11 AM 3/12/02 -0500, Brian F. Feldman wrote:
>"Jacques A. Vidrine" <nectar@FreeBSD.ORG> wrote:
> > In addition to Poul-Henning's information below, the zlib bug was also
> > patched in the security branches around February 22nd ``just in
> > case.''  Likewise, similar code in the kernel was fixed
> > (sys/net/zlib.c).
> >
> > Hmm, I just noticed that for some reason, the fixes don't seem to have
> > been committed to -CURRENT or -STABLE.  Maybe Chris had a reason for
> > this.  It may be a moot point soon, as Brian has recently imported the
> > new (fixed) zlib into -CURRENT, and I imagine he will merge it into
> > -STABLE before long.
>
>Yes, I plan on MFCing it soon, since I have it on my RELENG_4_5 desktop and
>it seems to work just fine (as I imagine it darn well should).  Even though
>we're not vulnerable, and the bug is fixed earlier, I want to be able to say
>that we ship a known-good copy of zlib and have the version numbers there to
>back it up.  Sound reasonable?
>
>--
>Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
>   <> green@FreeBSD.org  <> bfeldman@tislabs.com      \  The Power to Serve! \
>  Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message





