Summary: | <sys-libs/zlib-1.2.13-r2[minizip]: Buffer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2023/10/20/9 | ||
See Also: | https://github.com/madler/zlib/pull/843 https://chromium-review.googlesource.com/c/chromium/src/+/4773479 https://chromium-review.googlesource.com/c/chromium/src/+/4769365 https://bugs.gentoo.org/show_bug.cgi?id=923035 | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 916525 | ||
Bug Blocks: |
Description
Sam James
Note that minizip-ng is apparently not vulnerable: https://github.com/zlib-ng/minizip-ng/issues/735.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9718dafa6ecd841f4364f2ee0039613f0b8efec

commit d9718dafa6ecd841f4364f2ee0039613f0b8efec
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-10-30 10:16:13 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-10-30 10:19:02 +0000

    sys-libs/zlib: fix CVE-2023-45853

    Bug: https://bugs.gentoo.org/916484
    Signed-off-by: Sam James <sam@gentoo.org>

 .../zlib/files/zlib-1.2.13-CVE-2023-45853.patch | 40 +++++
 sys-libs/zlib/zlib-1.2.13-r2.ebuild | 184 +++++++++++++++++++++
 sys-libs/zlib/zlib-1.3-r2.ebuild | 179 ++++++++++++++++++++
 3 files changed, 403 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94c6e08a7720f558bb603793f8e4c2d70283c08f

commit 94c6e08a7720f558bb603793f8e4c2d70283c08f
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-01-06 08:04:09 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-01-06 08:04:19 +0000

    sys-libs/zlib: drop 1.2.13-r1, 1.2.13-r2, 1.3-r1

    Bug: https://bugs.gentoo.org/916484
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/Manifest | 2 -
 sys-libs/zlib/zlib-1.2.13-r1.ebuild | 181 -----------------------------------
 sys-libs/zlib/zlib-1.2.13-r2.ebuild | 184 ------------------------------------
 sys-libs/zlib/zlib-1.3-r1.ebuild | 176 ----------------------------------
 4 files changed, 543 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=93dbf80a72b6cbaffc14d3cdc8167e7cfb1c6bdd

commit 93dbf80a72b6cbaffc14d3cdc8167e7cfb1c6bdd
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-15 12:02:56 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-15 12:04:10 +0000

    [ GLSA 202401-18 ] zlib: Buffer Overflow

    Bug: https://bugs.gentoo.org/916484
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-18.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)