Re: zlib bug
In message <Pine.BSO.4.40.0203120020280.9483-100000@heorot.stanford.edu>
so spake Ted U (grendel):
> OpenBSD as a whole, until a few hours ago, was vulnerable to the flaw in
> any program that used libz (I count 7 in /usr/bin) would double free. It
> just so happens that double freeing reports a warning instead of
> corrupting the heap.
Actually, I committed a fix for the problem in January. We didn't
realize it was a security problem at the time (and neither did the
zlib folks).
- todd