Bugtraq mailing list archives

Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris

From: Casper Dik <Casper.Dik () Sun COM>
Date: Fri, 15 Mar 2002 22:46:53 +0100

On Thu, 14 Mar 2002, Lisa Bogar wrote:

By the way ... Sun will NOT be producing a patch for zlib.  Its Freeware
so they don't patch those.  I checked with Sun when the zlib problem
surfaced earlier this week.  You should not count on overriding the old
version of zlib, but instead uninstall and then reinstall the new pkg.


This is a bit annoying, as zlib lives in the SUNWzlib and SUNWzlibx
packages that come on the Software Disc 2 of Solaris 8.  Both the
package names and locations would normally imply it was supported.


THEY ARE SUPPORTED PACKAGES.

Lisa is blowing smoke.

We are working on patches; the second copy of zlib (zlibx) is an historical
accident because it was unsure zlib would make Solaris 8 in /usr/lib.

Furthermore, it appears that our libc's malloc catches double frees
in several ways; that may also lower the risk somewhat.

(We have 10 more malloc libraries, I think, so beware)

Casper

Current thread:

exploiting the zlib bug in openssh H D Moore (Mar 12)
- OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Michael Leo (Mar 12)
  - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Christopher X. Candreva (Mar 13)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Brent J. Nordquist (Mar 13)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Lisa Bogar (Mar 14)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris John D Groenveld (Mar 14)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Thomas Insel (Mar 15)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Casper Dik (Mar 15)