Date: Tue, 12 Mar 2002 08:36:38 +0100 From: Raymond Doetjes <rdoetjes@phonax.com> To: freebsd-questions@FreeBSD.ORG Subject: zLib 1.1.3 bug also applicable in FreeBSD? Message-ID: <3C8DB005.9141D2C@phonax.com>
next in thread | raw e-mail | index | archive | help
--------------740EBA1BCCE8AD33C6BA4CAD Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit L.S: I don't know whether you have heard it from the Linux distro's but zlib has a potential exploit due to the fact that alloced memory can be freed twice. zlib is commonly used in al kinds of compress tools, zlib-1.1.3 is also used on FreeBSD and undoubtedly the bug is in here aswell. Are there security advisories available and updated ports that link to 1.1.4 instead of 1.1.3? Does FreeBSD ports collection only do a dynamic link to zlib or also static? Raymond -- Unix Solutions http://www.phonax.com mailto:rdoetjes@phonax.com Unix is not "just" an Operating System Unix is a way of life phone: (+)31 (0)30 6061361 mobile: (+)31 (0)6 11437280 --------------740EBA1BCCE8AD33C6BA4CAD Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> L.S: <p>I don't know whether you have heard it from the Linux distro's but zlib has a potential exploit due to the fact that alloced memory can be freed twice. <br>zlib is commonly used in al kinds of compress tools, zlib-1.1.3 is also used on FreeBSD and undoubtedly the bug is in here aswell. <p>Are there security advisories available and updated ports that link to 1.1.4 instead of 1.1.3? <br>Does FreeBSD ports collection only do a dynamic link to zlib or also static? <p>Raymond <pre>-- Unix Solutions <A HREF="http://www.phonax.com">http://www.phonax.com</A> <A HREF="mailto:rdoetjes@phonax.com">mailto:rdoetjes@phonax.com</A> Unix is not "just" an Operating System Unix is a way of life phone: (+)31 (0)30 6061361 mobile: (+)31 (0)6 11437280</pre> </html> --------------740EBA1BCCE8AD33C6BA4CAD-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C8DB005.9141D2C>