From owner-freebsd-security Mon Mar 11 13:20:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from moek.pir.net (moek.pir.net [130.64.1.215]) by hub.freebsd.org (Postfix) with ESMTP id B607037B402 for ; Mon, 11 Mar 2002 13:20:24 -0800 (PST) Received: from pir by moek.pir.net with local (Exim) id 16kXDT-0007Vg-00 for freebsd-security@freebsd.org; Mon, 11 Mar 2002 16:20:23 -0500 Date: Mon, 11 Mar 2002 16:20:23 -0500 From: Peter Radcliffe To: freebsd-security@freebsd.org Subject: Re: zlib overflow problem? Message-ID: <20020311212023.GF20422@pir.net> Reply-To: freebsd-security@freebsd.org Mail-Followup-To: freebsd-security@freebsd.org References: <00d601c1c941$56be3dd0$3028680a@tgt.com> <20020311131442.D77202@rain.macguire.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020311131442.D77202@rain.macguire.net> User-Agent: Mutt/1.3.27i X-fish: < X-Copy-On-Listmail: Please do NOT Cc: me on list mail. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Benjamin Krueger probably said: > * Thomas T. Veldhouse (veldy@veldy.net) [020311 13:10]: > > Does the new zlib overflow bug affect FreeBSD as well? > > Reference http://news.com.com/2100-1001-857008.html Full details at; http://www.gzip.org/zlib/advisory-2002-03-11.txt > The above problem is believed to originate in the glibc library. > FreeBSD does not use glibc, and thus should not be affected. > Don't Panic. =) The BSD free() implementation warns, but doesn't break, on free()ing a page that is already free so native things should be ok. However, linux binaries in the ports system and zlib/glibc in linux_base may well be affected to a greater or lesser degree. P. -- pir pir-sig@pir.net pir-sig@net.tufts.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message