
Re: that whole zlib thing



On Wed, 13 Mar 2002, Darren Reed wrote:

> Further to that, it would appear that /sys/net/zlib.c was updated
> Jan 18 2002 by Todd (why did I delete your email before I'd let it
> sink in?).  This leaves ppp in OpenBSD 3.0 and everything prior to
> that "vulnerable".  I say "vulnerable" because I don't know what
> the impact is on the kernel - anyone tested this or doing any testing?
>
> Further to this, there has been no pullup of the patch for zlib.c
> (from 1.9 to 1.10) into the 3.0 branch, so using a "current" 3.0-stable
> will not bring in a fix.  This might be worthwhile, maybe even onto
> 2.9 and 2.8 for users who are stuck?

http://www.cert.org/advisories/CA-2002-07.html
OpenBSD is not vulnerable as OpenBSD's malloc implementation detects
double freeing of memory. The zlib shipped with OpenBSD has been fixed in
OpenBSD-current in January 2002.

But the impact on the kernel is unknown.

-- 
Dries Schellekens
email: gwyllion@ulyssis.org
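
The advisory text quoted above credits malloc with detecting a double free. The sketch below is an added example, not part of the original message and not OpenBSD's malloc code: a simplified fixed-size pool showing how allocation state kept apart from the chunks lets a second free of the same pointer be reported instead of corrupting the allocator. The names `pool_alloc`, `pool_free` and the `POOL_*` codes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy fixed-size pool. Allocation state lives in a bitmap kept apart from
 * the chunks, so free can validate a pointer before changing anything. */
#define POOL_SLOTS 32
#define SLOT_SIZE  64

enum pool_status { POOL_OK = 0, POOL_BAD_POINTER = -1, POOL_DOUBLE_FREE = -2 };

static unsigned char pool_mem[POOL_SLOTS][SLOT_SIZE];
static uint32_t pool_used;            /* bit i set => slot i is allocated */

void *pool_alloc(void)
{
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!(pool_used & (UINT32_C(1) << i))) {
            pool_used |= UINT32_C(1) << i;
            return pool_mem[i];
        }
    }
    return NULL;                      /* pool exhausted */
}

int pool_free(void *p)
{
    uintptr_t addr = (uintptr_t)p;
    uintptr_t base = (uintptr_t)&pool_mem[0][0];

    if (addr < base || addr - base >= sizeof pool_mem)
        return POOL_BAD_POINTER;      /* not from this pool */
    if ((addr - base) % SLOT_SIZE != 0)
        return POOL_BAD_POINTER;      /* not the start of a slot */
    uint32_t bit = UINT32_C(1) << ((addr - base) / SLOT_SIZE);
    if (!(pool_used & bit))
        return POOL_DOUBLE_FREE;      /* already free: report, touch nothing */
    pool_used &= ~bit;
    return POOL_OK;
}

int main(void)
{
    void *buf = pool_alloc();
    printf("first free:  %d\n", pool_free(buf));
    printf("second free: %d\n", pool_free(buf));
    return 0;
}
```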