About the vulnerabilities in tcpdump and gzip.
Jesper Wallin
jesper at hackunite.net
Sun May 15 13:56:31 PDT 2005
Dear list,
About a week ago, right after 5.4-RELEASE was released, I received a
mail from Gentoo Linux's security announcement list about a flaw in
tcpdump and gzip. Since none of them are operating system related, I
assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for
the HTT security issue so I wonder, is the FreeBSD version of tcpdump
and/or gzip are secured or simply forgotten/ignored?
tcpdump references:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280
gzip references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228
Best regards,
Jesper Wallin
More information about the freebsd-security
mailing list