Date: Mon, 11 Mar 2002 18:31:16 -0800 From: "DiCioccio, Jason" <jdicioccio@epylon.com> To: "'hawkeyd@visi.com'" <hawkeyd@visi.com>, sst@vmunix.dk, freebsd-security@freebsd.org Subject: RE: zlib overflow problem? Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF49B@goofy.epylon.lan>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 glib is not glibc. If you want to talk glibc, there is a copy in /compat/linux if you installed linux-base* Cheers, - -JD- - -----Original Message----- From: hawkeyd@visi.com [mailto:hawkeyd@visi.com] Sent: Monday, March 11, 2002 6:26 PM To: sst@vmunix.dk; freebsd-security@freebsd.org Subject: Re: zlib overflow problem? In article <20020312022651.A14838_fnyx.vmunix.dk@ns.sol.net>, sst@vmunix.dk writes: > On Mon, Mar 11, 2002 at 03:21:30PM -0600, Thomas T. Veldhouse wrote: >> Where did you see that information. I can not verify your statement. >> >> Here is the RedHat posting. They don't even mention any changes or updates >> to glibc. > > The zlib bug is an issue on Linux-systems due to the brokeness of > glibc malloc. > > There aren't any changes or updates to glibc because this specific > issue was resolved within zlib; fixing the double free(), which > causes a warning on most systems but trouble on glibc-systems. Um, on FreeBSD, aren't we talking about /usr/local/lib/libglib12.*? The library that so many Linux-born apps that are found in the ports collection depend on? If so, then aren't any ports that depend on it and libz vulnerable? Taking it a step further, aren't _any_ of the ports that depend on libglib12 at least suspect? If so [again], then the one comment on Slashdot is all too accurate: "This is huge.". If not for us BSDen, certainly for the Linuxen. If they won't fix their glibc, and it is one as the same as libglib12, wouldn't a patch-update for the libglib12 port fix things for us? TIA, Dave - -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPI1qa78+wXo6G32BEQKV4QCcCX1EoBX/q0bWPAtogVoIRWrzxLAAnR6L Dbj31gcq1x1Cjg6g3ZxDwsy0 =eHzF -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?657B20E93E93D4118F9700D0B73CE3EA02FFF49B>