Bug 675376 (CVE-2019-6250) - <net-libs/zeromq-4.3.1: pointer overflow with code execution (CVE-2019-6250)
Status: RESOLVED FIXED
Alias: CVE-2019-6250
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://github.com/zeromq/libzmq/issu...
Whiteboard: B1 [glsa+ cve]
Reported: 2019-01-14 02:17 UTC by GLSAMaker/CVETool Bot
Modified: 2019-04-06 16:39 UTC
Package list:
net-libs/zeromq-4.3.1
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2019-01-14 02:17:48 UTC
Incoming details.
Comment 1 Larry the Git Cow gentoo-dev 2019-01-14 02:19:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bff2f10013fd5ad08befbb74b0f48987a4272c80

commit bff2f10013fd5ad08befbb74b0f48987a4272c80
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-01-14 02:19:03 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-01-14 02:19:15 +0000

    net-libs/zeromq: bump to v4.3.1
    
    Bug: https://bugs.gentoo.org/675376
    Package-Manager: Portage-2.3.55, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-libs/zeromq/Manifest            |  1 +
 net-libs/zeromq/zeromq-4.3.1.ebuild | 62 +++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
Comment 2 Thomas Deutschmann gentoo-dev Security 2019-01-14 02:21:09 UTC
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
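An illustration of the bug class described in the comment above, added here and not taken from libzmq or the Gentoo tree: a bounds check written as "position plus length" wraps for a very large length read from the wire, while comparing the length against the bytes remaining does not. All names and sample values are hypothetical, and addresses are modelled as uint64_t so the wraparound is well-defined.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Receive buffer described by its address range. Addresses are modelled as
   uint64_t (an assumption of this sketch) so wraparound is well-defined. */
typedef struct {
    uint64_t data; /* address of the first byte */
    uint64_t size; /* bytes allocated */
} rxbuf_t;

/* Flawed form: read_pos + msg_size wraps modulo 2^64 for a huge msg_size,
   lands below `end`, and the oversized frame is accepted. */
static bool fits_wrapping(const rxbuf_t *b, uint64_t read_pos, uint64_t msg_size)
{
    uint64_t end = b->data + b->size;
    return read_pos + msg_size <= end;
}

/* Hardened form: compare the length with the bytes that remain.
   end - read_pos cannot wrap once read_pos is known to lie in the buffer. */
static bool fits_checked(const rxbuf_t *b, uint64_t read_pos, uint64_t msg_size)
{
    uint64_t end = b->data + b->size;
    if (read_pos < b->data || read_pos > end)
        return false;
    return msg_size <= end - read_pos;
}

/* Constructed sample values, not taken from any real process or capture. */
static const rxbuf_t SAMPLE_BUF = { 0x00007f0000001000ULL, 8192 };
#define SAMPLE_POS (0x00007f0000001000ULL + 9) /* 9 bytes already consumed */
#define HUGE_LEN   (UINT64_MAX - 0x10)         /* length that forces a wrap */

int main(void)
{
    const uint64_t lens[] = { 100, 9000, HUGE_LEN };
    for (int i = 0; i < 3; i++)
        printf("len=%llu wrapping_check=%d remaining_check=%d\n",
               (unsigned long long)lens[i],
               fits_wrapping(&SAMPLE_BUF, SAMPLE_POS, lens[i]),
               fits_checked(&SAMPLE_BUF, SAMPLE_POS, lens[i]));
    return 0;
}
```

The two checks agree on ordinary lengths and differ only for the wrapping one, which is why a flaw of this kind passes normal functional tests.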
Comment 3 Stabilization helper bot gentoo-dev 2019-01-15 17:01:26 UTC
An automated check of this bug failed - repoman reported dependency errors (17 lines truncated): 

> dependency.bad net-libs/zeromq/zeromq-4.3.1.ebuild: DEPEND: alpha(default/linux/alpha/17.0) ['=net-libs/openpgm-5.2.122']
> dependency.bad net-libs/zeromq/zeromq-4.3.1.ebuild: RDEPEND: alpha(default/linux/alpha/17.0) ['=net-libs/openpgm-5.2.122']
> dependency.bad net-libs/zeromq/zeromq-4.3.1.ebuild: DEPEND: alpha(default/linux/alpha/17.0) ['=net-libs/openpgm-5.2.122']
Comment 4 Thomas Deutschmann gentoo-dev Security 2019-01-15 18:06:44 UTC
Oops, alpha hasn't keyworded package -- removing.
Comment 5 Thomas Deutschmann gentoo-dev Security 2019-01-15 22:13:27 UTC
x86 stable
Comment 6 Mart Raudsepp gentoo-dev 2019-01-16 00:42:26 UTC
arm64 stable
Comment 7 Rolf Eike Beer 2019-01-16 17:40:07 UTC
Just in case any of the tests test_reconnect_ivl, test_pair_ipc, or test_rebind_ipc fails: this is just the testcases using a fixed file in /tmp and not cleaning up on failure. Just "rm -f /tmp/{test_pair_ipc,test_rebind_ipc,test_reconnect_ivl}" and try again. This has been fixed upstream after the 4.3.1 release.
Comment 8 Rolf Eike Beer 2019-01-17 17:41:17 UTC
sparc stable
Comment 9 Sergei Trofimovich gentoo-dev 2019-01-17 19:50:22 UTC
ia64 stable
Comment 10 Sergei Trofimovich gentoo-dev 2019-01-17 19:59:32 UTC
ppc stable
Comment 11 Sergei Trofimovich gentoo-dev 2019-01-17 20:02:03 UTC
ppc64 stable
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-01-17 21:11:06 UTC
amd64 stable
Comment 13 Sergei Trofimovich gentoo-dev 2019-01-17 23:07:39 UTC
hppa stable
Comment 14 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-01-23 13:36:25 UTC
arm stable
Comment 15 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-24 02:20:47 UTC
@maintainer, please drop vulnerable.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2019-03-28 02:20:59 UTC
This issue was resolved and addressed in GLSA 201903-22 at https://security.gentoo.org/glsa/201903-22 by GLSA coordinator Aaron Bauman (b-man).
Comment 17 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-28 02:21:43 UTC
re-opened for cleanup
Comment 18 Larry the Git Cow gentoo-dev 2019-04-05 17:22:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba0378bf154e007fbd1c68bdfe20bd12a5f92674

commit ba0378bf154e007fbd1c68bdfe20bd12a5f92674
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-04-05 17:20:33 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-04-05 17:22:02 +0000

    net-libs/zeromq: security cleanup
    
    Bug: https://bugs.gentoo.org/675376
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-libs/zeromq/Manifest                           |  8 ---
 .../zeromq/files/zeromq-4.2.0-dl-backport.patch    | 25 --------
 ...able-experimental-zmq_poll-implementation.patch | 35 -----------
 .../files/zeromq-4.2.2-optional-libunwind.patch    | 70 ----------------------
 net-libs/zeromq/zeromq-4.1.1.ebuild                | 49 ---------------
 net-libs/zeromq/zeromq-4.1.6.ebuild                | 55 -----------------
 net-libs/zeromq/zeromq-4.2.0-r1.ebuild             | 59 ------------------
 net-libs/zeromq/zeromq-4.2.1.ebuild                | 55 -----------------
 net-libs/zeromq/zeromq-4.2.2-r1.ebuild             | 57 ------------------
 net-libs/zeromq/zeromq-4.2.2-r2.ebuild             | 63 -------------------
 net-libs/zeromq/zeromq-4.2.2.ebuild                | 55 -----------------
 net-libs/zeromq/zeromq-4.2.3.ebuild                | 62 -------------------
 net-libs/zeromq/zeromq-4.2.5.ebuild                | 62 -------------------
 net-libs/zeromq/zeromq-4.3.0.ebuild                | 62 -------------------
 14 files changed, 717 deletions(-)