Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 646780 (CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727) - dev-libs/zziplib: Multiple vulnerabilities (CVE-2018-{6381,6484,6540,6541,6542,6869,7725,7726,7727})
Summary: dev-libs/zziplib: Multiple vulnerabilities (CVE-2018-{6381,6484,6540,6541,654...
Status: RESOLVED FIXED
Alias: CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981
  Show dependency tree
 
Reported: 2018-02-06 16:53 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2019-02-07 11:42 UTC (History)
1 user (show)

See Also:
Package list:
dev-libs/zziplib-0.13.69
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-06 16:53:50 UTC 
CVE-2018-6542

In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.

CVE-2018-6541

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6540

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6381

In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2018-03-13 18:36:51 UTC 
CVE-2018-7727 (https://nvd.nist.gov/vuln/detail/CVE-2018-7727):
  An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered
  in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial
  of service attack.

CVE-2018-7726 (https://nvd.nist.gov/vuln/detail/CVE-2018-7726):
  An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by
  the __zzip_parse_root_directory function of zip.c. Attackers could leverage
  this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-7725 (https://nvd.nist.gov/vuln/detail/CVE-2018-7725):
  An issue was discovered in ZZIPlib 0.13.68. An invalid memory address
  dereference was discovered in zzip_disk_fread in mmapped.c. The
  vulnerability causes an application crash, which leads to denial of service.

CVE-2018-6869 (https://nvd.nist.gov/vuln/detail/CVE-2018-6869):
  In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash
  in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers
  could leverage this vulnerability to cause a denial of service via a crafted
  zip file.
Comment 2 Mart Raudsepp gentoo-dev 2019-01-27 13:48:41 UTC 
arm64 stable
Comment 3 Larry the Git Cow gentoo-dev 2019-01-30 13:20:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54fcfe392afe0585141fdb078cbd631c1f79920f

commit 54fcfe392afe0585141fdb078cbd631c1f79920f
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-30 13:19:55 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-30 13:19:55 +0000

    dev-libs/zziplib-0.13.69-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/646780
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-libs/zziplib/zziplib-0.13.69.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Rolf Eike Beer archtester 2019-01-31 17:39:42 UTC 
sparc stable
Comment 5 Markus Meier gentoo-dev 2019-01-31 20:19:50 UTC 
arm stable
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2019-01-31 22:22:03 UTC 
x86 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:12:29 UTC 
ppc64 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:31:35 UTC 
ppc stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:38:35 UTC 
ia64 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-03 17:42:55 UTC 
hppa stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:37:28 UTC 
amd64 stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:38:29 UTC 
s390 stable
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:42:42 UTC 
GLSA vote: no.