Date: Mon, 11 Mar 2002 18:59:24 -0500
From: Alan Eldridge
To: Brooks Davis
Cc: FreeBSD Stable List
Subject: Re: zlib security advisory
Message-ID: <20020311235924.GA70842@wwweasel.geeksrus.net>

On Mon, Mar 11, 2002 at 03:52:30PM -0800, Brooks Davis wrote:
>On Mon, Mar 11, 2002 at 06:39:00PM -0500, Alan Eldridge wrote:
>> Redhat just announced a security problem in zlib which affects, oh,
>> half the bloody world of network programs. A CERT advisory is expected
>> to follow. Do we have a patch, or should I work one up based on
>> RedHat's?
>>
>> http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html
>
>The updated zlib has been committed to current; stable will presumably
>follow shortly. Additionally, phk says that the FreeBSD malloc should
>not be vulnerable to exploits of this type. It will produce a warning
>and either continue or exit depending on your malloc flags.

FWIW RH notes several things that either have their own copy of zlib
that needs to be patched or that statically link and so need to be
rebuilt.

Has anyone produced such a list for FBSD, or is it not applicable to us?

I suppose, to be safe, an inventory of ports needs to be done, too. Urk.

-- 
Alan Eldridge
"Dave's not here, man."
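
The inventory asked about above can be approximated by scanning installed binaries for the copyright strings that zlib compiles into its deflate and inflate code. This is an added example, not part of the original message or any FreeBSD tooling; the function names and the default /usr/local/bin scan root are assumptions.

```python
import re
import sys
from pathlib import Path

# zlib compiles " deflate <ver> Copyright ..." and " inflate <ver> Copyright ..."
# into its object code, so the strings survive static linking and bundled copies.
ZLIB_MARKER = re.compile(
    rb"(deflate|inflate) (\d+(?:\.\d+){1,3}[\w.-]*) Copyright \d{4}-\d{4} "
)

def embedded_zlib_versions(data):
    """Return the set of zlib version strings found in a blob of bytes."""
    return {m.group(2).decode("ascii") for m in ZLIB_MARKER.finditer(data)}

def scan_tree(root):
    """Map each regular file under root that embeds zlib to the versions found."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            versions = embedded_zlib_versions(path.read_bytes())
        except OSError:
            continue  # unreadable file: skip it rather than abort the inventory
        if versions:
            hits[str(path)] = sorted(versions)
    return hits

if __name__ == "__main__":
    # Assumed default: ports install their programs under /usr/local.
    for root in sys.argv[1:] or ["/usr/local/bin"]:
        for name, versions in scan_tree(root).items():
            print(f"{name}: zlib {', '.join(versions)}")
```

A hit in an executable points to a statically linked or bundled copy that needs a rebuild or its own patch; dynamically linked programs show nothing because the string lives in the shared libz. Compressed or packed executables will not match, so an empty result is not proof of absence.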