Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 646780 (CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727)

Summary: dev-libs/zziplib: Multiple vulnerabilities (CVE-2018-{6381,6484,6540,6541,6542,6869,7725,7726,7727})
Product: Gentoo Security Reporter: Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: voyageur
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
dev-libs/zziplib-0.13.69
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 614040    

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-06 16:53:50 UTC
CVE-2018-6542

In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.

CVE-2018-6541

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6540

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6381

In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2018-03-13 18:36:51 UTC
CVE-2018-7727 (https://nvd.nist.gov/vuln/detail/CVE-2018-7727):
  An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered
  in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial
  of service attack.

CVE-2018-7726 (https://nvd.nist.gov/vuln/detail/CVE-2018-7726):
  An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by
  the __zzip_parse_root_directory function of zip.c. Attackers could leverage
  this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-7725 (https://nvd.nist.gov/vuln/detail/CVE-2018-7725):
  An issue was discovered in ZZIPlib 0.13.68. An invalid memory address
  dereference was discovered in zzip_disk_fread in mmapped.c. The
  vulnerability causes an application crash, which leads to denial of service.

CVE-2018-6869 (https://nvd.nist.gov/vuln/detail/CVE-2018-6869):
  In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash
  in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers
  could leverage this vulnerability to cause a denial of service via a crafted
  zip file.
Comment 2 Mart Raudsepp gentoo-dev 2019-01-27 13:48:41 UTC
arm64 stable
Comment 3 Larry the Git Cow gentoo-dev 2019-01-30 13:20:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54fcfe392afe0585141fdb078cbd631c1f79920f

commit 54fcfe392afe0585141fdb078cbd631c1f79920f
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-30 13:19:55 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-30 13:19:55 +0000

    dev-libs/zziplib-0.13.69-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/646780
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-libs/zziplib/zziplib-0.13.69.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Rolf Eike Beer archtester 2019-01-31 17:39:42 UTC
sparc stable
Comment 5 Markus Meier gentoo-dev 2019-01-31 20:19:50 UTC
arm stable
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2019-01-31 22:22:03 UTC
x86 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:12:29 UTC
ppc64 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:31:35 UTC
ppc stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:38:35 UTC
ia64 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:42:55 UTC
hppa stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:37:28 UTC
amd64 stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:38:29 UTC
s390 stable
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:42:42 UTC
GLSA vote: no.