[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: that whole zlib thing
On Wed, 13 Mar 2002, Darren Reed wrote:
> Further to that, it would appear that /sys/net/zlib.c was updated
> Jan 18 2002 by Todd (why did I delete your email before I'd let it
> sink in?). This leaves ppp in OpenBSD 3.0 and everything prior to
> that "vulnerable". I say "vulnerable" because I don't know what
> the impact is on the kernel - anyone tested this or doing any testing?
> Further to this, there has been no pullup of the patched for zlib.c
> (from 1.9 to 1.10) into the 3.0 branch, so using a "current" 3.0-stable
> will not bring in a fix. This might be worthwhile, maybe even onto
> 2.9 and 2.8 for users who are stuck?
OpenBSD is not vulnerable as OpenBSD's malloc implementation detects
double freeing of memory. The zlib shipped with OpenBSD has been fixed in
OpenBSD-current in January 2002.
But the impact on kernel is unknow.