Date:      Mon, 11 Mar 2002 20:25:38 -0600 (CST)
From:      hawkeyd@visi.com (D J Hawkey Jr)
To:        sst@vmunix.dk, freebsd-security@freebsd.org
Subject:   Re: zlib overflow problem?
Message-ID:  <200203120225.g2C2PcY23553@sheol.localdomain>
In-Reply-To: <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>
References:  <00e101c1c942$b6bfeb60$3028680a_tgt.com@ns.sol.net> <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>

In article <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>,
	sst@vmunix.dk writes:
> On Mon, Mar 11, 2002 at 03:21:30PM -0600, Thomas T. Veldhouse wrote:
>> Where did you see that information?  I cannot verify your statement.
>> 
>> Here is the RedHat posting.  They don't even mention any changes or updates
>> to glibc.
> 
> The zlib bug is an issue on Linux-systems due to the brokenness of
> glibc malloc.
> 
> There aren't any changes or updates to glibc because this specific
> issue was resolved within zlib; fixing the double free(), which
> causes a warning on most systems but trouble on glibc-systems.

Um, on FreeBSD, aren't we talking about /usr/local/lib/libglib12.*?
The library that so many Linux-born apps that are found in the ports
collection depend on?

If so, then aren't any ports that depend on it and libz vulnerable?
Taking it a step further, aren't _any_ of the ports that depend on
libglib12 at least suspect?

If so [again], then the one comment on Slashdot is all too accurate:
"This is huge.". If not for us BSDen, certainly for the Linuxen. If
they won't fix their glibc, and it is one and the same as libglib12,
wouldn't a patch-update for the libglib12 port fix things for us?

TIA,
Dave

-- 

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

