[24693] in bugtraq
Re: OpenSSH rebuild warning: problems avoiding zlib problems in
daemon@ATHENA.MIT.EDU (John D Groenveld)
Thu Mar 14 20:17:22 2002
To: Lisa Bogar <lbogar@gemini.oscs.montana.edu>
Cc: "Brent J. Nordquist" <b-nordquist@bethel.edu>,
"Christopher X. Candreva" <chris@westnet.com>,
Michael Leo <mleo@cariboulake.com>, bugtraq@securityfocus.com
In-Reply-To: Message from Lisa Bogar <lbogar@gemini.oscs.montana.edu>
of "Thu, 14 Mar 2002 08:51:48 MST." <Pine.OSF.3.95.1020314084924.22240D-100000@gemini.oscs.montana.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 14 Mar 2002 18:24:05 -0500
From: John D Groenveld <jdg117@elvis.arl.psu.edu>
Message-Id: <20020314232414Z858891-502+412@elvis.arl.psu.edu>
------- Forwarded Message
Return-Path: Heather.Raybould@sun.com
Delivery-Date: Thu Mar 14 06:36:51 2002
Received: from arlc.arl.psu.edu ([128.118.19.195]:3465 "EHLO arlc.arl.psu.edu")
by elvis.arl.psu.edu with ESMTP id <S858890AbSCNLgp>;
Thu, 14 Mar 2002 06:36:45 -0500
Received: from mail.acm.org ("port 40756"@[199.222.69.4])
by arlvax.arl.psu.edu (PMDF V5.2-32 #37504)
with ESMTP id <01KFCARAKKW4984J7Y@arlvax.arl.psu.edu> for
jdg117@elvis.arl.psu.edu; Thu, 14 Mar 2002 06:36:45 EST
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
by mail.acm.org (8.9.3/8.9.3) with ESMTP id GAA58220 for <groenveld@acm.org>;
Thu, 14 Mar 2002 06:34:27 -0500
Received: from bu-ewat02-01.uk.sun.com ([129.156.199.2])
by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id DAA18830 for
<groenveld@acm.org>; Thu, 14 Mar 2002 03:36:43 -0800 (PST)
Received: from sr-ewat02-01 (sr-ewat02-01.UK.Sun.COM [129.156.199.4])
by bu-ewat02-01.uk.sun.com (8.10.2+Sun/8.10.2/ENSMAIL,v2.2)
with SMTP id g2EBaes11305; Thu, 14 Mar 2002 11:36:40 +0000 (GMT)
Date: Thu, 14 Mar 2002 11:36:44 +0000 (GMT)
From: Heather Raybould - Sun UK - Security Engineer
<Heather.Raybould@sun.com>
Subject: Re: CERT Advisory CA-2002-07 Double Free Bug in zlib Compression
Library
To: groenveld@acm.org
Reply-to: Heather Raybould - Sun UK - Security Engineer
<Heather.Raybould@sun.com>
Message-id: <200203141136.g2EBaes11305@bu-ewat02-01.uk.sun.com>
MIME-version: 1.0
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.5_47 SunOS 5.9 sun4u sparc
Content-type: TEXT/plain; charset=us-ascii
Content-MD5: mBjXc+TH0HBrGRbtuteHmg==
Return-Path: <Heather.Raybould@sun.com>
X-Orcpt: rfc822;jdg117@elvis.arl.psu.edu
Hi John,
> Why isn't Sun mentioned?
> John
> groenveld@acm.org
I am not sure why there is no statement from Sun on the CERT site as yet.
The SUNWzlib package is affected and Sun is in the process of addressing the
issue. When a rememdy is available, Sun will release a Security Bulletin with
details.
Sun is continuing to investigate what other impacts this may have on our
products and on the programs available on the Sun freeware CD.
Bulletins are available from
http://sunsolve.sun.com/security
Hope this helps.
Regards,
Heather Raybould
security-alert@sun.com
------- End of Forwarded Message
