Subject: Re: zLib 1.1.3 bug also applicable in FreeBSD?
From: Joe Clarke
To: Raymond Doetjes
Cc: FreeBSD User Questions List
Date: 12 Mar 2002 03:00:56 -0500

On Tue, 2002-03-12 at 02:36, Raymond Doetjes wrote:
> L.S:
>
> I don't know whether you have heard it from the Linux distros but zlib
> has a potential exploit due to the fact that alloced memory can be freed
> twice.
> zlib is commonly used in all kinds of compress tools, zlib-1.1.3 is also
> used on FreeBSD and undoubtedly the bug is in here as well.
>
> Are there security advisories available and updated ports that link to
> 1.1.4 instead of 1.1.3?
> Does FreeBSD ports collection only do a dynamic link to zlib or also
> static?

This has been discussed throughout the day. The last I heard was that the malloc() used by FreeBSD (phk's malloc) is not vulnerable to this problem.
However, checking the archives of freebsd-ports and freebsd-stable will get you up-to-date.

Joe

>
> Raymond
>
> --
> Unix Solutions http://www.phonax.com mailto:rdoetjes@phonax.com
>
> Unix is not "just" an Operating System
> Unix is a way of life
>
> phone: (+)31 (0)30 6061361
> mobile: (+)31 (0)6 11437280