Bugtraq mailing list archives

Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris

From: John D Groenveld <jdg117 () elvis arl psu edu>
Date: Thu, 14 Mar 2002 18:24:05 -0500


------- Forwarded Message

Return-Path: Heather.Raybould () sun com
Delivery-Date: Thu Mar 14 06:36:51 2002
Received: from arlc.arl.psu.edu ([128.118.19.195]:3465 "EHLO arlc.arl.psu.edu")
        by elvis.arl.psu.edu with ESMTP id <S858890AbSCNLgp>;
        Thu, 14 Mar 2002 06:36:45 -0500
Received: from mail.acm.org ("port 40756"@[199.222.69.4])
 by arlvax.arl.psu.edu (PMDF V5.2-32 #37504)
 with ESMTP id <01KFCARAKKW4984J7Y () arlvax arl psu edu> for
 jdg117 () elvis arl psu edu; Thu, 14 Mar 2002 06:36:45 EST
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
        by mail.acm.org (8.9.3/8.9.3) with ESMTP id GAA58220    for <groenveld () acm org>;
 Thu, 14 Mar 2002 06:34:27 -0500
Received: from bu-ewat02-01.uk.sun.com ([129.156.199.2])
        by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id DAA18830     for
 <groenveld () acm org>; Thu, 14 Mar 2002 03:36:43 -0800 (PST)
Received: from sr-ewat02-01 (sr-ewat02-01.UK.Sun.COM [129.156.199.4])
        by bu-ewat02-01.uk.sun.com (8.10.2+Sun/8.10.2/ENSMAIL,v2.2)
 with SMTP id g2EBaes11305; Thu, 14 Mar 2002 11:36:40 +0000 (GMT)
Date:   Thu, 14 Mar 2002 11:36:44 +0000 (GMT)
From:   Heather Raybould - Sun UK - Security Engineer 
        <Heather.Raybould () sun com>
Subject: Re: CERT Advisory CA-2002-07 Double Free Bug in zlib Compression
 Library
To:     groenveld () acm org
Reply-to: Heather Raybould - Sun UK - Security Engineer 
          <Heather.Raybould () sun com>
Message-id: <200203141136.g2EBaes11305 () bu-ewat02-01 uk sun com>
MIME-version: 1.0
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.5_47 SunOS 5.9 sun4u sparc
Content-type: TEXT/plain; charset=us-ascii
Content-MD5: mBjXc+TH0HBrGRbtuteHmg==
Return-Path: <Heather.Raybould () sun com>
X-Orcpt: rfc822;jdg117 () elvis arl psu edu

Hi John,

Why isn't Sun mentioned?
John
groenveld () acm org

I am not sure why there is no statement from Sun on the CERT site as yet. 

The SUNWzlib package is affected and Sun is in the process of addressing the 
issue. When a rememdy is available, Sun will release a Security Bulletin with 
details.

Sun is continuing to investigate what other impacts this may have on our 
products and on the programs available on the Sun freeware CD.

Bulletins are available from 
http://sunsolve.sun.com/security

Hope this helps.

Regards,
Heather Raybould
security-alert () sun com

------- End of Forwarded Message

Current thread:

exploiting the zlib bug in openssh H D Moore (Mar 12)
- OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Michael Leo (Mar 12)
  - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Christopher X. Candreva (Mar 13)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Brent J. Nordquist (Mar 13)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Lisa Bogar (Mar 14)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris John D Groenveld (Mar 14)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Thomas Insel (Mar 15)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Casper Dik (Mar 15)