From owner-freebsd-questions@FreeBSD.ORG Mon Jan 31 09:47:52 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7FE9F16A4CE for ; Mon, 31 Jan 2005 09:47:52 +0000 (GMT) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0166843D3F for ; Mon, 31 Jan 2005 09:47:51 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) j0V9lhj64367; Mon, 31 Jan 2005 01:47:43 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Mark" , "'FreeBSD-Questions Questions'" Date: Mon, 31 Jan 2005 01:47:41 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <200501310428.j0V4S2bK052033@asarian-host.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Importance: Normal Subject: RE: 1st security warning: "installed zlib version maycontainasecurity bug" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jan 2005 09:47:52 -0000 > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mark > Sent: Sunday, January 30, 2005 8:28 PM > To: 'FreeBSD-Questions Questions' > Subject: RE: 1st security warning: "installed zlib version > maycontainasecurity bug" > > > > -----Original Message----- > > From: owner-freebsd-questions@freebsd.org > > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Ted > > Mittelstaedt > > Sent: maandag 31 januari 2005 1:40 > > To: Lowell Gilbert; Timothy Luoma > > Cc: FreeBSD-Questions Questions > > Subject: RE: 1st security warning: "installed zlib version > > may containasecurity bug" > > > > zlib is part of the base OS it should be at version 1.2.2 in > > FreeBSD 4.11R, since version 1.2.2 was released in October > > 2004. > > Ok, now you got me worried. How do I check my current version? man zlib > I am on FreeBSD 4.10R, with the all the latest security patches. > Or so I thought. > > > Keep in mind that this WILL NOT fix the zlib security hole in > > the system. zlib is probably linked into a number of utilities > > on your system and a proper fix would be to replace the zlib > > library, and recompile all the utilities in the system that > > are linked into the static library. > > If there is a security hole, how come there is no advisory on the > FreeBSD site? Or is there a place I did not look? > there isn't one, because the CERT advisory only listed 1.2.x you didn't read my second e-mail, obviously. Ted