
[Users] Re: [Bugs] FWD: zlib security bug also present in freeswan 1.95-2

From: Henry Spencer (henry_at_spsystems.net)
Date: Thu Mar 14 2002 - 02:20:25 CET


On Wed, 13 Mar 2002, Andreas Pretzsch wrote:
> The zlib malloc error (DSA 122-1) seems to be present in freeswan 1.95.
> At least the patch for zlib applies cleanly to freeswan.
> Therefore I marked this report as critical.

The FreeS/WAN project classes this bug as non-critical, because an IPsec
packet must pass authentication (and be successfully decrypted) before our
copy of zlib is asked to decompress it, even if the configuration permits
compression (which the default ones do not). This greatly limits real
exposure as a result of this bug.

Our next release (1.97, expected at the beginning of April) will
incorporate the fix.

> I'll copy this mail to the freeswan bug mailing list, as I can't
> find another contact.

Our mailing lists are our preferred form of contact, for both legal and
organizational reasons.

                                                          Henry Spencer
                                                       henry_at_spsystems.net

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
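
The ordering described in the reply above (authentication must succeed before zlib sees the payload), as an added example that is not part of the original message and is not FreeS/WAN code. It assumes an HMAC-SHA256 tag truncated to 16 bytes and leaves out encryption; the `Receiver` class, its method names and the constants are hypothetical.

```python
import hashlib
import hmac
import zlib

ICV_LEN = 16            # truncated HMAC-SHA256 tag length (assumed for this example)
MAX_PLAINTEXT = 65535   # cap on decompressed output (assumed: one IP datagram)


class Receiver:
    def __init__(self, key):
        self.key = key
        self.decompress_calls = 0   # how many packets actually reached zlib

    def _icv(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]

    def seal_raw(self, body):
        """Append a valid tag to an already-compressed body (key holder only)."""
        return body + self._icv(body)

    def seal(self, payload):
        """Sender side: compress, then authenticate."""
        return self.seal_raw(zlib.compress(payload))

    def receive(self, packet):
        """Return the payload, or None if the packet is dropped."""
        if len(packet) <= ICV_LEN:
            return None
        body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
        # Step 1: authenticate. Bytes from a sender without the key stop here.
        if not hmac.compare_digest(self._icv(body), tag):
            return None
        # Step 2: only now decompress, with a bound on the output size.
        self.decompress_calls += 1
        d = zlib.decompressobj()
        try:
            out = d.decompress(body, MAX_PLAINTEXT)
        except zlib.error:
            return None             # malformed stream from an authenticated peer
        if d.unconsumed_tail or not d.eof:
            return None             # oversized or truncated stream
        return out


if __name__ == "__main__":
    r = Receiver(b"k" * 32)                       # constructed key
    malformed = b"\x78\x9c" + b"\xff" * 40        # constructed invalid deflate data
    print(r.receive(malformed + b"\x00" * ICV_LEN), r.decompress_calls)  # forged tag
    print(r.receive(r.seal_raw(malformed)), r.decompress_calls)          # valid tag
```

A malformed stream only reaches the decompressor when it carries a valid tag, so the remaining exposure is to peers that already hold the key.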


