Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib

From: Chris Faulhaber
Date: Mon, 18 Mar 2002 11:20:34 -0500
To: "Jason DiCioccio (reply)"

On Mon, Mar 18, 2002 at 08:16:11AM -0800, Jason DiCioccio wrote:
> I'm a bit confused now. So FreeBSD, 4.5-RELEASE is vulnerable? I

Yes, any software that uses libz is vulnerable to the double-free
bug (but not necessarily exploitable).

> am a bit unclear on this as I thought phkmalloc was not vulnerable
> to the double-free bug. Or does this only affect binaries
> statically linked with older revisions of libc and linux binaries?

Unlike some other malloc(3) implementations, phkmalloc is not believed
to be exploitable. However, the side effects of the double-free bug
in libz may include an application crashing due to the decompression
of invalid data, warnings from phkmalloc, and applications
abort(3)'ing if the 'A' malloc option is used.

Chris D. Faulhaber
FreeBSD: The Power To Serve
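
Added example, not part of the original message and not code from phkmalloc, libz or FreeBSD: a minimal checking allocator that shows why a double free can end in a warning or an abort instead of heap corruption, as the reply describes. The names `chk_malloc`, `chk_free`, `opt_abort` and `struct decoder` are hypothetical, and `opt_abort` only stands in for the 'A' malloc option.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_LIVE 32
static void *live[MAX_LIVE];  /* allocations the checker knows are live */
static int opt_abort;         /* set to 1 to model the 'A' malloc option */
static int warnings;          /* bad frees detected so far */

static void *chk_malloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; return p; }
    free(p);                  /* table full: refuse rather than lose track */
    return NULL;
}

/* Free p only if it is live; otherwise warn, or abort when opt_abort is set. */
static int chk_free(void *p) {
    if (p == NULL) return 0;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    warnings++;
    fprintf(stderr, "chk_free: warning: pointer is not allocated\n");
    if (opt_abort) abort();
    return -1;
}

/* Hypothetical decoder state, constructed for this example. */
struct decoder { unsigned char *window; };

/* Error path on invalid input; fix == 0 leaves the stale pointer behind. */
static void decoder_fail(struct decoder *d, int fix) {
    chk_free(d->window);
    if (fix) d->window = NULL;
}

/* Runs alloc -> fail -> teardown; returns the number of bad frees caught. */
int run_case(int fix) {
    struct decoder d = { chk_malloc(256) };
    int before = warnings;
    if (d.window == NULL) return -1;
    decoder_fail(&d, fix);
    chk_free(d.window);       /* normal teardown frees the window again */
    return warnings - before;
}

int main(void) {
    printf("unfixed: %d bad free(s), fixed: %d\n", run_case(0), run_case(1));
    return 0;
}
```

With `opt_abort` set to 1 the unfixed case terminates at the second free instead of returning a count.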
