Summary: | <net-libs/zeromq-4.3.1: pointer overflow with code execution (CVE-2019-6250) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | whissi |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/zeromq/libzmq/issues/3351 | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | net-libs/zeromq-4.3.1 |
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-01-14 02:17:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bff2f10013fd5ad08befbb74b0f48987a4272c80

commit bff2f10013fd5ad08befbb74b0f48987a4272c80
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-01-14 02:19:03 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-01-14 02:19:15 +0000

net-libs/zeromq: bump to v4.3.1

Bug: https://bugs.gentoo.org/675376
Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

net-libs/zeromq/Manifest | 1 +
net-libs/zeromq/zeromq-4.3.1.ebuild | 62 +++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).

An automated check of this bug failed - repoman reported dependency errors (17 lines truncated):
> dependency.bad net-libs/zeromq/zeromq-4.3.1.ebuild: DEPEND: alpha(default/linux/alpha/17.0) ['=net-libs/openpgm-5.2.122']
> dependency.bad net-libs/zeromq/zeromq-4.3.1.ebuild: RDEPEND: alpha(default/linux/alpha/17.0) ['=net-libs/openpgm-5.2.122']
> dependency.bad net-libs/zeromq/zeromq-4.3.1.ebuild: DEPEND: alpha(default/linux/alpha/17.0) ['=net-libs/openpgm-5.2.122']
Oops, alpha hasn't keyworded package -- removing.

x86 stable

arm64 stable

Just in case any of the tests test_reconnect_ivl, test_pair_ipc, or test_rebind_ipc fails: this is just the testcases using a fixed file in /tmp and not cleaning up on failure. Just "rm -f /tmp/{test_pair_ipc,test_rebind_ipc,test_reconnect_ivl}" and try again. This has been fixed upstream after the 4.3.1 release.

sparc stable

ia64 stable

ppc stable

ppc64 stable

amd64 stable

hppa stable

arm stable

@maintainer, please drop vulnerable.

This issue was resolved and addressed in GLSA 201903-22 at https://security.gentoo.org/glsa/201903-22 by GLSA coordinator Aaron Bauman (b-man).

re-opened for cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba0378bf154e007fbd1c68bdfe20bd12a5f92674

commit ba0378bf154e007fbd1c68bdfe20bd12a5f92674
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-04-05 17:20:33 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-04-05 17:22:02 +0000

net-libs/zeromq: security cleanup

Bug: https://bugs.gentoo.org/675376
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

net-libs/zeromq/Manifest | 8 ---
.../zeromq/files/zeromq-4.2.0-dl-backport.patch | 25 --------
...able-experimental-zmq_poll-implementation.patch | 35 -----------
.../files/zeromq-4.2.2-optional-libunwind.patch | 70 ----------------------
net-libs/zeromq/zeromq-4.1.1.ebuild | 49 ---------------
net-libs/zeromq/zeromq-4.1.6.ebuild | 55 -----------------
net-libs/zeromq/zeromq-4.2.0-r1.ebuild | 59 ------------------
net-libs/zeromq/zeromq-4.2.1.ebuild | 55 -----------------
net-libs/zeromq/zeromq-4.2.2-r1.ebuild | 57 ------------------
net-libs/zeromq/zeromq-4.2.2-r2.ebuild | 63 -------------------
net-libs/zeromq/zeromq-4.2.2.ebuild | 55 -----------------
net-libs/zeromq/zeromq-4.2.3.ebuild | 62 -------------------
net-libs/zeromq/zeromq-4.2.5.ebuild | 62 -------------------
net-libs/zeromq/zeromq-4.3.0.ebuild | 62 -------------------
14 files changed, 717 deletions(-)
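
The CVE description in this report names a pointer overflow caused by an integer overflow in a size check. The block below is a generic model of that bug class beside an overflow-safe form, added here as an example; it is not libzmq code and not part of this bug report. `rx_buf`, `fits_wrapping`, `fits_checked` and all values are constructed, and addresses are modelled as `uintptr_t` so the wraparound is well-defined C.

```c
/* Added illustration; not libzmq source. All names and values are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical receive buffer: bytes [base, base + cap), read cursor at off. */
struct rx_buf {
    uintptr_t base; /* buffer start address, modelled as an integer */
    size_t cap;     /* buffer capacity in bytes */
    size_t off;     /* bytes already consumed (cursor offset) */
};

/* Flawed check: adds the peer-supplied length to the cursor address first.
 * A huge msg_size wraps the sum around to a small address, so the
 * comparison passes. Returns 1 when the frame is judged to fit. */
int fits_wrapping(const struct rx_buf *b, uint64_t msg_size)
{
    uintptr_t read_pos = b->base + b->off;
    uintptr_t end = b->base + b->cap;
    return read_pos + (uintptr_t)msg_size <= end;
}

/* Hardened check: never forms cursor + length. Compares the length with
 * the bytes remaining, a subtraction that cannot wrap once off <= cap. */
int fits_checked(const struct rx_buf *b, uint64_t msg_size)
{
    if (b->off > b->cap)
        return 0;
    return msg_size <= (uint64_t)(b->cap - b->off);
}

int main(void)
{
    struct rx_buf b = { 0x10000u, 8192, 9 };       /* constructed values */
    uint64_t sizes[] = { 100, 9000, UINT64_MAX - 0x100 };
    for (size_t i = 0; i < 3; i++)
        printf("msg_size=%llu wrapping=%d checked=%d\n",
               (unsigned long long)sizes[i],
               fits_wrapping(&b, sizes[i]), fits_checked(&b, sizes[i]));
    return 0;
}
```

The two checks agree on ordinary lengths and differ only when the length is large enough to wrap the address sum, which is why this class of defect survives normal functional testing.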