Date: Thu, 1 Jul 2004 15:28:41 +0200 (CEST)
From: Mohacsi Janos <mohacsi@niif.hu>
To: freebsd-security@freebsd.org
Subject: Two possible vulnerabilities?
Message-ID: <20040701150125.S78298@mignon.ki.iif.hu>

Dear all,

Browsing through the SecurityFocus vulnerability database I found two items that might be interesting for the FreeBSD community:

1. GNU GNATS Syslog() Format String Vulnerability
   http://www.securityfocus.com/bid/10609

   GNATS is a vital part of the PR handling of FreeBSD. I think security officers should contact developers of GNU GNATS about this issue to resolve the potential problem.

2. gzip: Insecure creation of temporary files
   http://www.securityfocus.com/bid/10603

   In reality this affects only znew and gzexe, and only gzip versions prior to 1.3.3-r4. I am not quite sure whether this vulnerability exists in the current gzip 1.2.4 that is used in FreeBSD. According to the gzip page, http://www.gzip.org, a new official version will be posted soon.... Are there any plans to go forward to gzip 1.3?

Best Regards,

Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98