Date: Mon, 11 Mar 2002 15:52:30 -0800
From: Brooks Davis
To: Alan Eldridge
Cc: FreeBSD Stable List
Subject: Re: zlib security advisory
Message-ID: <20020311155230.A24573@Odin.AC.HMC.Edu>
In-Reply-To: <20020311233900.GC70667@wwweasel.geeksrus.net>

On Mon, Mar 11, 2002 at 06:39:00PM -0500, Alan Eldridge wrote:
> Redhat just announced a security problem in zlib which affects, oh,
> half the bloody world of network programs. A CERT advisory is expected
> to follow. Do we have a patch, or should I work one up based on
> RedHat's?
>
> http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html

The updated zlib has been committed to current; stable will presumably
follow shortly. Additionally, phk says that the FreeBSD malloc should not
be vulnerable to exploits of this type. It will produce a warning and
either continue or exit depending on your malloc flags.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4