misc/89012: FreeBSD-6.0 is still using zlib-1.2.2
kris at obsecurity.org
Mon Nov 14 18:50:24 PST 2005
The following reply was made to PR kern/89012; it has been noted by GNATS.
From: Kris Kennaway <kris at obsecurity.org>
To: "Jukka A. Ukkonen" <jau at iki.fi>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/89012: FreeBSD-6.0 is still using zlib-1.2.2
Date: Mon, 14 Nov 2005 21:43:09 -0500
On Mon, Nov 14, 2005 at 04:38:59PM +0000, Jukka A. Ukkonen wrote:
> >Number: 89012
> >Category: misc
> >Synopsis: FreeBSD-6.0 is still using zlib-1.2.2
> >Confidential: no
> >Severity: serious
> >Priority: medium
> >Responsible: freebsd-bugs
> >State: open
> >Class: sw-bug
> >Submitter-Id: current-users
> >Arrival-Date: Mon Nov 14 16:40:25 GMT 2005
> >Originator: Jukka A. Ukkonen
> >Release: FreeBSD-6.0-STABLE
> private citizen
> This report does not refer to an installed FreeBSD-6.0 but to
> plain source code review.
> The ZLIB origin site (www.zlib.net) states this...
> Current release:
> zlib 1.2.3
> July 18, 2005
> Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 and 1.2.2, so all users of those versions should upgrade immediately. The following important fixes are provided in zlib 1.2.3 over 1.2.1 and 1.2.2:
> For some odd reason FreeBSD-6.0 seems to be using zlib-1.2.2 though it is claimed
> to carry security issues.
The security issues were fixed without performing a full upgrade to
1.2.3 (as described in the relevant FreeBSD security advisory). Do
you have reason to believe otherwise?