Bug 646780 (CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727) - dev-libs/zziplib: Multiple vulnerabilities (CVE-2018-{6381,6484,6540,6541,6542,6869,7725,7726,7727})
Status: RESOLVED FIXED
Alias: CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Blocks: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981
Reported: 2018-02-06 16:53 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2019-02-07 11:42 UTC

Package list:
dev-libs/zziplib-0.13.69
Runtime testing required: ---
stable-bot: sanity-check+

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-06 16:53:50 UTC
CVE-2018-6542

In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.

CVE-2018-6541

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6540

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-6381

In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
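
Added example (not part of the bug report and not zziplib code): the bus errors described above come from loading a multi-byte field through a misaligned address, and CVE-2018-6381 from a read size that is not validated against the stored data. The defensive pattern for both, in C, using hypothetical helpers `read_le64` and `clamp_read` and a constructed sample buffer:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a zziplib function): read a little-endian 64-bit
 * field at byte offset off. Returns 0 on success, -1 if it is out of bounds. */
static int read_le64(const uint8_t *buf, size_t len, size_t off, uint64_t *out)
{
    uint8_t raw[8];
    if (off > len || len - off < sizeof raw)  /* bounds check without overflow */
        return -1;
    memcpy(raw, buf + off, sizeof raw);       /* byte copy: no alignment requirement */
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | raw[i];                /* independent of host byte order */
    *out = v;
    return 0;
}

/* Hypothetical helper: clamp a requested read size to the bytes remaining in
 * an entry holding `stored` bytes, of which `consumed` were already read. */
static size_t clamp_read(size_t requested, size_t stored, size_t consumed)
{
    if (consumed >= stored)
        return 0;
    size_t avail = stored - consumed;
    return requested < avail ? requested : avail;
}

/* Constructed sample: the value 0x1122334455667788 stored at odd offset 3. */
static const uint8_t sample[12] = {
    0xAA, 0xBB, 0xCC,
    0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11,
    0xDD
};

int main(void)
{
    uint64_t v;
    if (read_le64(sample, sizeof sample, 3, &v) == 0)
        printf("field at offset 3: 0x%llx\n", (unsigned long long)v);
    printf("clamped size: %zu\n", clamp_read(100, 10, 4));
    return 0;
}
```

Casting `buf + off` to `uint64_t *` and dereferencing it is the pattern that faults on strict-alignment targets such as sparc; the byte copy avoids it on every architecture listed in this bug.
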
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2018-03-13 18:36:51 UTC
CVE-2018-7727 (https://nvd.nist.gov/vuln/detail/CVE-2018-7727):
  An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered
  in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial
  of service attack.

CVE-2018-7726 (https://nvd.nist.gov/vuln/detail/CVE-2018-7726):
  An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by
  the __zzip_parse_root_directory function of zip.c. Attackers could leverage
  this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-7725 (https://nvd.nist.gov/vuln/detail/CVE-2018-7725):
  An issue was discovered in ZZIPlib 0.13.68. An invalid memory address
  dereference was discovered in zzip_disk_fread in mmapped.c. The
  vulnerability causes an application crash, which leads to denial of service.

CVE-2018-6869 (https://nvd.nist.gov/vuln/detail/CVE-2018-6869):
  In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash
  in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers
  could leverage this vulnerability to cause a denial of service via a crafted
  zip file.
Comment 2 Mart Raudsepp gentoo-dev 2019-01-27 13:48:41 UTC
arm64 stable
Comment 3 Larry the Git Cow gentoo-dev 2019-01-30 13:20:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54fcfe392afe0585141fdb078cbd631c1f79920f

commit 54fcfe392afe0585141fdb078cbd631c1f79920f
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-30 13:19:55 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-30 13:19:55 +0000

    dev-libs/zziplib-0.13.69-r0: alpha stable
    
    Bug: http://bugs.gentoo.org/646780
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-libs/zziplib/zziplib-0.13.69.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Rolf Eike Beer 2019-01-31 17:39:42 UTC
sparc stable
Comment 5 Markus Meier gentoo-dev 2019-01-31 20:19:50 UTC
arm stable
Comment 6 Thomas Deutschmann gentoo-dev Security 2019-01-31 22:22:03 UTC
x86 stable
Comment 7 Sergei Trofimovich gentoo-dev 2019-02-03 17:12:29 UTC
ppc64 stable
Comment 8 Sergei Trofimovich gentoo-dev 2019-02-03 17:31:35 UTC
ppc stable
Comment 9 Sergei Trofimovich gentoo-dev 2019-02-03 17:38:35 UTC
ia64 stable
Comment 10 Sergei Trofimovich gentoo-dev 2019-02-03 17:42:55 UTC
hppa stable
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:37:28 UTC
amd64 stable
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:38:29 UTC
s390 stable
Comment 13 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-02-07 11:42:42 UTC
GLSA vote: no.