On Tue, 12 Mar 2002, John Hunter wrote: > According to the reg article > http://theregister.co.uk/content/5/24387.html on the zlib > vulnerability, ssh is one of the apps that contains the zlib bug built > in (ie, the old cut and paste of the code or static linkage), but when > I do 'ldd /usr/bin/ssh', I see that it dynamically links with zlib. > So maybe they are referring to ssh, not openssh? > > I upgraded to the zlib 1.1.4, which fixes the bug. Anyone know > whether I can now rest easy as far as ssh is concerned? I didn't find > any mention of the problem on the openssh site, strangely enough.
it's probably ssh, not openssh. the default for building it is to link it dynamically. of course, the article could be wrong. it said freebsd was vulnerable and it's not. http://groups.google.com/groups?hl=en&selm=a6jbr6%241dds%241%40FreeBSD.csie.NCTU.edu.tw if anyone's wondering, netbsd and openbsd use freebsd's malloc. i'm also assuming that darwin/osX does too. =jay _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
