[24709] in bugtraq

Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris

daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Mar 15 18:56:29 2002

Message-Id: <200203152146.WAA20310@romulus.Holland.Sun.COM>
To: Thomas Insel <tinsel@tinsel.org>
Cc: bugtraq@securityfocus.com
In-reply-to: Your message of "Fri, 15 Mar 2002 12:15:02 PST."
             <Pine.BSF.4.32L2.0203151204380.34545-100000@lenny.sfrn.dnai.com> 
Date: Fri, 15 Mar 2002 22:46:53 +0100
From: Casper Dik <Casper.Dik@Sun.COM>


>On Thu, 14 Mar 2002, Lisa Bogar wrote:
>
>> By the way ... Sun will NOT be producing a patch for zlib.  It's Freeware
>> so they don't patch those.  I checked with Sun when the zlib problem
>> surfaced earlier this week.  You should not count on overriding the old
>> version of zlib, but instead uninstall and then reinstall the new pkg.
>
>This is a bit annoying, as zlib lives in the SUNWzlib and SUNWzlibx
>packages that come on the Software Disc 2 of Solaris 8.  Both the
>package names and locations would normally imply it was supported.

THEY ARE SUPPORTED PACKAGES.

Lisa is blowing smoke.

We are working on patches; the second copy of zlib (zlibx) is an historical
accident because it was unsure zlib would make Solaris 8 in /usr/lib.

Furthermore, it appears that our libc's malloc catches double frees
in several ways; that may also lower the risk somewhat.

(We have 10 more malloc libraries, I think, so beware)

Casper