Date:      Mon, 18 Mar 2002 11:20:34 -0500
From:      Chris Faulhaber <jedgar@fxp.org>
To:        "Jason DiCioccio (reply)" <geniusj+categories.replies@bluenugget.net>
Cc:        security@freebsd.org
Subject:   Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib
Message-ID:  <20020318162034.GA96424@peitho.fxp.org>
In-Reply-To: <2918868125.1016439371@[192.168.4.56]>
References:  <200203181500.g2IF04W32492@freefall.freebsd.org> <2918868125.1016439371@[192.168.4.56]>

On Mon, Mar 18, 2002 at 08:16:11AM -0800, Jason DiCioccio wrote:
> I'm a bit confused now.  So FreeBSD 4.5-RELEASE is vulnerable?  I

Yes, any software that uses libz is vulnerable to the double-free
bug (but not necessarily exploitable).

> am a bit unclear on this as I thought phkmalloc was not vulnerable
> to the double-free bug.  Or does this only affect binaries
> statically linked with older revisions of libc and linux binaries?
>

Unlike some other malloc(3) implementations, phkmalloc is not believed
to be exploitable.  However, the side effects of the double-free bug
in libz may include an application crashing due to the decompression
of invalid data, warnings from phkmalloc, and applications
abort(3)'ing if the 'A' malloc option is used.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
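
A toy illustration of the behaviour described in this message, added here and not part of the original e-mail or of phkmalloc's code: an allocator that checks every free against its own bookkeeping turns a double free into a warning, or into an abort when a flag modelled on the 'A' option is set, and its free state stays consistent afterwards. The pool and the names `toy_alloc`, `toy_free`, `abort_on_warning` and `buggy_cleanup` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOTS 4
#define SLOT_SIZE 64

enum free_result { FREE_OK, FREE_DOUBLE, FREE_BOGUS };

static unsigned char pool[SLOTS][SLOT_SIZE];
static unsigned char in_use[SLOTS]; /* state table kept outside the chunks */
int abort_on_warning;               /* toy stand-in for the 'A' malloc option */
unsigned warnings;

void *toy_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

static enum free_result warn(enum free_result r, const char *msg) {
    warnings++;
    fprintf(stderr, "toy_free warning: %s\n", msg);
    if (abort_on_warning) abort();  /* fail fast instead of continuing */
    return r;
}

enum free_result toy_free(void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;
    if (a < base || a >= base + sizeof pool || (a - base) % SLOT_SIZE)
        return warn(FREE_BOGUS, "pointer was not returned by toy_alloc");
    size_t idx = (a - base) / SLOT_SIZE;
    if (!in_use[idx])
        return warn(FREE_DOUBLE, "chunk is already free");
    in_use[idx] = 0;
    return FREE_OK;
}

/* Constructed stand-in for an error path that releases a buffer twice. */
enum free_result buggy_cleanup(void) {
    void *window = toy_alloc();
    toy_free(window);        /* error handler frees the buffer ... */
    return toy_free(window); /* ... and the common exit path frees it again */
}

int main(void) {
    enum free_result r = buggy_cleanup();
    void *a = toy_alloc(), *b = toy_alloc();
    printf("second free: %d, warnings: %u, distinct chunks: %d\n",
           r, warnings, a != b);
    return 0;
}
```

With `abort_on_warning` set to 1 the same call sequence terminates the process at the second free instead of returning.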

