misc/89012: FreeBSD-6.0 is still using zlib-1.2.2

Jukka A. Ukkonen jau at iki.fi
Mon Nov 14 08:40:28 PST 2005


>Number:         89012
>Category:       misc
>Synopsis:       FreeBSD-6.0 is still using zlib-1.2.2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 14 16:40:25 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jukka A. Ukkonen
>Release:        FreeBSD-6.0-STABLE
>Organization:
private citizen
>Environment:
This report does not refer to an installed FreeBSD-6.0 but to
plain source code review.


>Description:
The ZLIB origin site (www.zlib.net) states this...
------
Current release:
zlib 1.2.3

July 18, 2005

Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 and 1.2.2, so all users of those versions should upgrade immediately. The following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2: 
------

For some odd reason FreeBSD-6.0 seems to be using zlib-1.2.2 though it is claimed
to carry security issues.

>How-To-Repeat:
Either look into the source tree /usr/src/lib/libz/zlib.h or,
on systems with FreeBSD-6.0 already installed, look into /usr/include/zlib.h.

There are lines like...

#define ZLIB_VERSION "1.2.2"
#define ZLIB_VERNUM 0x1220

though for zlib-1.2.3 they should be ...

#define ZLIB_VERSION "1.2.3"
#define ZLIB_VERNUM 0x1230


>Fix:
AFAIK zlib-1.2.3 should be a drop-in replacement for 1.2.2
unless the original source files have been mutilated while being imported into the
FreeBSD source tree.
Simply replace the 1.2.2 source files using the current 1.2.3 source files,
re-compile, and re-install.


>Release-Note:
>Audit-Trail:
>Unformatted:
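
The header check described under How-To-Repeat, written as a script. This is an added example, not part of the original report or of FreeBSD; the function names and exit codes are assumptions made for illustration, and the result reflects what the header declares, not necessarily the libz binary actually installed.

```shell
#!/bin/sh
# Added example: flag zlib.h headers that declare a release older than 1.2.3.
# 0x1230 is the ZLIB_VERNUM the report quotes for zlib 1.2.3.
FIXED_VERNUM=0x1230

# zlib_vernum HEADER
# Print the hex value of the first "#define ZLIB_VERNUM" line, or nothing.
zlib_vernum() {
    # Tolerate "#  define" spacing; ignore comments that merely mention the name.
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*ZLIB_VERNUM[[:space:]][[:space:]]*\(0x[0-9A-Fa-f][0-9A-Fa-f]*\).*/\1/p' "$1" |
        head -n 1
}

# check_zlib_header HEADER
# Return 0 if the header is at 1.2.3 or later, 1 if it is older,
# 2 if the version cannot be determined (hypothetical exit-code convention).
check_zlib_header() {
    hdr=$1
    if [ ! -r "$hdr" ]; then
        echo "$hdr: not readable" >&2
        return 2
    fi
    vernum=$(zlib_vernum "$hdr")
    if [ -z "$vernum" ]; then
        echo "$hdr: no ZLIB_VERNUM definition found" >&2
        return 2
    fi
    # $((0x...)) lets the shell compare the hex constants numerically.
    if [ $(($vernum)) -lt $(($FIXED_VERNUM)) ]; then
        echo "$hdr: ZLIB_VERNUM $vernum predates $FIXED_VERNUM (zlib 1.2.3)"
        return 1
    fi
    echo "$hdr: ZLIB_VERNUM $vernum is at or above $FIXED_VERNUM"
    return 0
}

# With no arguments, check the two paths named in the report.
[ $# -gt 0 ] || set -- /usr/src/lib/libz/zlib.h /usr/include/zlib.h
for h in "$@"; do
    check_zlib_header "$h" || rc=$?
done
```
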

