From owner-freebsd-questions@FreeBSD.ORG Mon Jan 31 04:28:04 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A705116A4CE for ; Mon, 31 Jan 2005 04:28:04 +0000 (GMT) Received: from mail.asarian-host.net (mail.asarian-host.net [194.109.160.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8B1F43D3F for ; Mon, 31 Jan 2005 04:28:03 +0000 (GMT) SRS0=x8VQLxpA=QO=asarian-host.net=admin@asarian-host.net) Received: from anonymizer.asarian-host.net (localhost [127.0.0.1]) (authenticated bits=0) by mail.asarian-host.net (8.13.3/8.13.3) with ESMTP id j0V4S2NQ052043 for ; Mon, 31 Jan 2005 05:28:02 +0100 (CET) (envelope-from admin@asarian-host.net) From: Mark Received-SPF: pass (asarian-host.net: domain of admin@asarian-host.net designates sender IP as SASL permitted sender) Message-Id: <200501310428.j0V4S2bK052033@asarian-host.net> Date: Mon, 31 Jan 2005 04:28:02 GMT X-Authenticated-Sender: admin@asarian-host.net X-Trace: CDdic7Ue5JlRGkfAX4abMAq41lyAOo6Y38TsOFsdfpBfeTTicjsxxrzzfsZ4ZJcBstB9J4DhGspUk3oLDE4JTA== X-Complaints-To: abuse@asarian-host.net X-Abuse-Info: Please be sure to forward a copy of ALL headers, otherwise we are unable to process your complaint Organization: Asarian-host To: "'FreeBSD-Questions Questions'" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Auth: Asarian-host PGP signature iQEVAwUAQf2z0jFqW1BleBN9AQHoBAgAkfOfZrGZvaish0yaGL8xjuH8oam0ZB2A jMAUF2NJ95nzbQvLlDElk9+ir/j2flvS/SJQRjxKkl3ra5TXKYHVYoEJFZqvViuz QVkC0NeK4eznlvk3L9VZ8Bc4/ya00/NKx3JQtn2GaVqTddCQWGny1r2Uax/JX8JZ TcVaRxn0UOUhbkG0a+fMfY7QvEwLJ89+4WAOpb0FhvyUPAgHXwP8VT4TU2sV9+Ef Yd3DZVlEuQmQC+mVf51xsE8Cnqxwnd+FdpP9/Sx9mwy4trxBy9FWf8dPr9RH4N5d I3ZUTHHSYb/VuvmYxdkgcPkcYBsGG7Lg1v6L6LOyQFzNtMeK2RIaJA== =EDFl Subject: RE: 1st security warning: "installed zlib version may containasecurity bug" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jan 2005 04:28:04 -0000 > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Ted > Mittelstaedt > Sent: maandag 31 januari 2005 1:40 > To: Lowell Gilbert; Timothy Luoma > Cc: FreeBSD-Questions Questions > Subject: RE: 1st security warning: "installed zlib version > may containasecurity bug" > > zlib is part of the base OS it should be at version 1.2.2 in > FreeBSD 4.11R, since version 1.2.2 was released in October > 2004. Ok, now you got me worried. How do I check my current version? I am on FreeBSD 4.10R, with the all the latest security patches. Or so I thought. > Keep in mind that this WILL NOT fix the zlib security hole in > the system. zlib is probably linked into a number of utilities > on your system and a proper fix would be to replace the zlib > library, and recompile all the utilities in the system that > are linked into the static library. If there is a security hole, how come there is no advisory on the FreeBSD site? Or is there a place I did not look? Thanks, - Mark