Bug 835958 - <sys-libs/zlib-1.2.12: deflate memory corruption
Summary: <sys-libs/zlib-1.2.12: deflate memory corruption
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: A4 [glsa+]
Keywords:
Depends on: 836303
Blocks: CVE-2018-25032
Reported: 2022-03-24 20:00 UTC by John Helmert III
Modified: 2022-10-31 20:40 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-24 20:00:15 UTC
From https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531:

"This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.

The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space."
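
Added illustration, not part of the bug report and not zlib source: a worst-case model of the buffer arithmetic in the quoted commit message, comparing two bytes of pending space freed per consumed symbol (before the fix) with three (after). The function names, the symbol table's head start of `lit_bufsize` bytes and the per-block symbol count are assumptions of this model.

```c
/* Added example: worst-case arithmetic model, not zlib source code. */
#include <stdio.h>

/* Fixed-code limits from RFC 1951: the longest length code is 8 bits with
 * up to 5 extra bits; a distance code is 5 bits with up to 13 extra bits. */
enum { LEN_CODE = 8, LEN_EXTRA = 5, DIST_CODE = 5, DIST_EXTRA = 13 };

int worst_case_pair_bits(void) {
    return LEN_CODE + LEN_EXTRA + DIST_CODE + DIST_EXTRA; /* 31 bits */
}

/*
 * Returns how many symbols have been emitted when the pending-buffer write
 * position first passes the next unread symbol entry, or -1 if it never does.
 * Assumptions of this model (not stated on the page): the symbol table
 * starts lit_bufsize bytes into the pending buffer, a block holds
 * lit_bufsize - 1 symbols, every symbol is a worst-case pair, and nothing
 * is flushed while the block is emitted.
 */
long first_overrun(long lit_bufsize, long bytes_freed_per_symbol) {
    long table_start = lit_bufsize;
    long n_symbols = lit_bufsize - 1;
    long bits = 0;
    for (long k = 1; k < n_symbols; k++) {
        bits += worst_case_pair_bits();
        long written = bits / 8;  /* whole bytes placed in the pending buffer */
        long next_unread = table_start + k * bytes_freed_per_symbol;
        if (written > next_unread)
            return k;             /* output has clobbered an unread symbol */
    }
    return -1;
}

int main(void) {
    long sizes[] = { 128, 16384 }; /* constructed lit_bufsize values */
    for (int i = 0; i < 2; i++) {
        printf("lit_bufsize=%ld  2 bytes/symbol: %ld  3 bytes/symbol: %ld\n",
               sizes[i], first_overrun(sizes[i], 2), first_overrun(sizes[i], 3));
    }
    return 0;
}
```

With three bytes freed per symbol the write position never catches the read position inside a block, which is the invariant the commit message describes.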
Comment 1 Larry the Git Cow gentoo-dev 2022-03-28 06:43:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d55f1223957344dd8aaa16d5f609b46d7d2b598e

commit d55f1223957344dd8aaa16d5f609b46d7d2b598e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-28 06:43:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-28 06:43:26 +0000

    sys-libs/zlib: add 1.2.12
    
    Bug: https://bugs.gentoo.org/835958
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/Manifest           |   2 +
 sys-libs/zlib/zlib-1.2.12.ebuild | 187 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 189 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-03-28 06:51:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb5eb206b488b495be7cab1bc72526a79d49428b

commit cb5eb206b488b495be7cab1bc72526a79d49428b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-28 06:50:42 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-28 06:51:20 +0000

    sys-libs/zlib: unkeyword 1.2.12
    
    Checking something...
    
    Bug: https://bugs.gentoo.org/835958
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/zlib-1.2.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-03-28 07:29:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e2bd29b39d577e88ecf6bc0752cd50c56ea6411

commit 5e2bd29b39d577e88ecf6bc0752cd50c56ea6411
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-28 07:28:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-28 07:29:30 +0000

    sys-libs/zlib: revbump 1.2.12 for configure fix
    
    For me, it silently installed no 32-bit lib (or tried to build
    it statically, which then didn't get installed), so let's
    be cautious.
    
    Still unkeyworded until later though.
    
    Bug: https://bugs.gentoo.org/835958
    Bug: https://bugs.gentoo.org/836308
    Fixes: 0a91cef90a3879f5fe3763a01c0f37c336bd1a6c
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/{zlib-1.2.12.ebuild => zlib-1.2.12-r1.ebuild} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2022-03-29 02:00:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd0a0f16ebdc4cf2d18378213d8476aeb42ff810

commit cd0a0f16ebdc4cf2d18378213d8476aeb42ff810
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-29 01:59:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-29 02:00:40 +0000

    sys-libs/zlib: keyword 1.2.12-r1
    
    Issues are fixed now. Nothing else has come up other than the now-fixed
    CC-configure issue.
    
    Bug: https://bugs.gentoo.org/835958
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/files/zlib-1.2.12-fix-CC-logic-in-configure.patch | 6 ++++--
 sys-libs/zlib/zlib-1.2.12-r1.ebuild                             | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 20:34:37 UTC
Request filed
Comment 6 Larry the Git Cow gentoo-dev 2022-10-31 20:38:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=19befd853907b89ff1a5ea81ae63b19dbb1d7655

commit 19befd853907b89ff1a5ea81ae63b19dbb1d7655
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 20:36:54 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 20:37:38 +0000

    [ GLSA 202210-42 ] zlib: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/835958
    Bug: https://bugs.gentoo.org/863851
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-42.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 20:40:14 UTC
GLSA released, all done!