Displaying 20 results from an estimated 20000 matches similar to: "zlib"
2002 Mar 22
1
Is OpenSSH vulnerable to the ZLIB problem or isn't it?
SSH.COM says their SSH2 is not vulnerable to the ZLIB problem even though
they use the library (details below). Can OpenSSH say the same thing?
In either case, it seems like there ought to be an openssh-unix-announce
message about what the situation is. I may have missed it, but I don't
believe there was one. Yes, openssh doesn't have its own copy of zlib
source but it would still be
2005 Nov 06
2
What happened with portaudit?
Hello,
On one of my machines I got a report about 3 vulnerable packages (php4,
ruby, openssl) in tomorrow's security run output, but in today's security
run output all of them disappeared, but nobody upgraded or removed the
affected packages. I reinstalled portaudit, refreshed its database, but
now it reports 0 affected packages. The pkg_info command lists those three
packages, so they are
2005 Jul 07
1
rsync 2.6.6pre1 released (ALERT: info on zlib security flaw)
There has been some talk about a zlib security problem that could let
someone overflow the buffers in the zlib decompression code, potentially
allowing someone to craft an exploit to execute arbitrary code. Since
this is a decompression bug, this can only affect an rsync daemon if
it allows uploads with the --compress option enabled.
If you run a daemon that allows uploads, you may wish to add
2005 Jul 27
2
[Bug 1063] Checking for zlib version 1.2.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1063
Summary: Checking for zlib version 1.2.3
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://www.zlib.net/
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket at
2007 Mar 29
2
Integer underflow in the "file" program before 4.20
Hello
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
"Integer underflow in the file_printf function in the "file" program
before 4.20 allows user-assisted attackers to execute arbitrary code via
a file that triggers a heap-based buffer overflow."
Is FreeBSD 5.x/6.x affected too? It looks like the system has file 4.12. The
port has 4.20.
Regards,
Thomas
--
Terry
2006 Sep 13
2
ports / www/linux-seamonkey / flashplugin vulnerability
Hi!
Since linux-flashplugin7 r63 is vulnerable according to
http://vuxml.FreeBSD.org/7c75d48c-429b-11db-afae-000c6ec775d9.html
isn't www/linux-seamonkey vulnerable, too (it seems to include 7 r25)?
Bye
Arne
2006 Sep 30
9
FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:22.openssh Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSH
Category: contrib
Module: openssh
Announced:
2005 Jul 07
1
[Fwd: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow]
Has Centos been tested for this yet?
-------- Original Message --------
Subject: [Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow
Date: Wed, 06 Jul 2005 16:23:20 +0200
From: Thierry Carrez <koon at gentoo.org>
Organization: Gentoo Linux
To: gentoo-announce at lists.gentoo.org
CC: full-disclosure at lists.grok.org.uk,
bugtraq at securityfocus.com, security-alerts at
2005 Aug 28
1
Acroread7 security vulnerability
Hi!
cc'd to freebsd-security@ as somebody there may correct me,
cc'd to secteam@ as maintainer of security/portaudit.
On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote:
> I've just updated my acroread port to 7.0.1 & was surprised when portaudit
> still listed it as a vulnerability.
I think it is a portaudit problem.
> According to
2005 Sep 07
2
Problem with portaudit's database
Hello!
Yesterday portaudit notified me about squid's vulnerability, but today it
didn't (despite I haven't upgraded squid). This has attracted my attention,
so I've compared yesterday's and today's auditfile.tbz:
-r--r--r-- 1 root wheel 29875 Sep 6 15:40 auditfile.tbz
vs.
-r--r--r-- 1 root wheel 5685 Sep 7 10:11 auditfile.tbz
I don't see commits to
2005 Jul 06
1
FreeBSD Security Advisory FreeBSD-SA-05:16.zlib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:16.zlib Security Advisory
The FreeBSD Project
Topic: Buffer overflow in zlib
Category: core
Module: libz
Announced: 2005-07-06
Credits:
2005 May 15
1
About the vulnerabilities in tcpdump and gzip.
Dear list,
About a week ago, right after 5.4-RELEASE was released, I received a
mail from Gentoo Linux's security announcement list about a flaw in
tcpdump and gzip. Since none of them are operating system related, I
assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for
the HTT security issue so I wonder, is the FreeBSD version of tcpdump
and/or gzip are secured or simply
2007 Aug 02
1
Fw: FreeBSD Security Advisory FreeBSD-SA-07:07.bind
> John Freeman wrote:
>
>> Same problem on AMD64 build. I'm too lazy to attach full text, this
>> system doesn't use bind and jail.
>
> What branch are you tracking?
>
> Doug
>
6.2 STABLE (RELENG_6 latest cvs) amd64
-
2002 Aug 19
4
Building 3.0p1 on HPUX 10.2, gcc, zlib 1.1.4
Hi everybody,
I've never posted here before but I seem to be having a similar problem to
what Tim Rice had in July, namely when running the configure script I get
the following:
configure: error: *** zlib missing - please install first or check
config.log ***
However, I have definitely installed zlib (see below):
dngwks1:/tmp/openssh-3.0p1 # swlist
# Initializing...
# Contacting target
2005 Sep 07
2
ee using 99% cpu after user ssh session terminates abnormally
Recently I have been using a dialup 56k account to access the net
and have noticed that when my ssh session times out and I am editing
a file in ` ee ' the system goes to 99% cpu usage and stays like
this till the pid is killed.
This is a standard user account (not root/su)
Would a user be able to create a denial of service condition
on the remote system using this bug?
(sorry if this is
2006 Jan 19
1
OpenSSH 4.0 p1 and zlib vulnerability
Hi,
I'm using OpenSSH 4.0 p1 linked with zlib version less than 1.2.2 in a number
of systems. These are all production systems where I can't upgrade the
service. I have a question that if I disable the compression by setting
"compression no" in sshd_config, will I be able to overcome the Buffer
overflow vulnerability in zlib. I just glanced through the code and it seems
sshd is
2002 Mar 13
3
zlib compression, the exploit, and OpenSSH
Attached is a zlib advisory and a debug dump of ssh with compression
enabled. Most of the debug is superfluous, so I have underlined the two
points to look at. When creating an ssh connection, compression on the
line is done *before* authentication -- This means an unauthorized
attacker could, conceivably, leverage root access by connecting to
the ssh server requesting zlib compression and
2003 May 28
1
FW: Question about logging.
I'm forwarding this to security@, as I'm getting no replies on ipfw@.
Hope it's relevant enough for you :(
---Original Message-----
From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org]
On Behalf Of Erik Paulsen Skålerud
Sent: Wednesday, May 28, 2003 1:02 AM
To: ipfw@freebsd.org
Subject: Question about logging.
Sorry for asking this, it's probably been