Two possible vulnerabilities?
From: Mohacsi Janos (mohacsi_at_niif.hu)
Date: 07/01/04
- Previous message: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-04:13.linux"
- Next in thread: Jos Hörchner: "wrong security branch name?"
- Reply: Jos Hörchner: "wrong security branch name?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 1 Jul 2004 15:28:41 +0200 (CEST)
To: freebsd-security@freebsd.org
Dear all,
Browsing through the securityfocus vulnerability database I found
two items that might be interesting for the FreeBSD community:
1. GNU GNATS Syslog() Format String Vulnerability
http://www.securityfocus.com/bid/10609
GNATS is a vital part of the PR handling of FreeBSD. I think security
officers should contact developers of GNU GNATS about this issue to resolve
the potential problem.
2. gzip: Insecure creation of temporary files
http://www.securityfocus.com/bid/10603
In reality this affects only znew and gzexe, and only gzip versions prior to
1.3.3-r4.
I am not quite sure about whether this vulnerability exists in the
current gzip 1.2.4, that is used in FreeBSD. According to the gzip page:
http://www.gzip.org - new official version will be posted soon....
Are there any plans to move forward to gzip 1.3?
Best Regards,
Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"