diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-11:04.compress.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-11:04.compress.asc | 158 |
1 files changed, 0 insertions, 158 deletions
diff --git a/share/security/advisories/FreeBSD-SA-11:04.compress.asc b/share/security/advisories/FreeBSD-SA-11:04.compress.asc deleted file mode 100644 index 6763fd223e..0000000000 --- a/share/security/advisories/FreeBSD-SA-11:04.compress.asc +++ /dev/null @@ -1,158 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-11:04.compress Security Advisory - The FreeBSD Project - -Topic: Errors handling corrupt compress file in compress(1) - and gzip(1) - -Category: core -Module: compress -Announced: 2011-09-28 -Credits: Tomas Hoger, Joerg Sonnenberger -Affects: All supported versions of FreeBSD. -Corrected: 2011-09-28 08:47:17 UTC (RELENG_7, 7.4-STABLE) - 2011-09-28 08:47:17 UTC (RELENG_7_4, 7.4-RELEASE-p3) - 2011-09-28 08:47:17 UTC (RELENG_7_3, 7.3-RELEASE-p7) - 2011-09-28 08:47:17 UTC (RELENG_8, 8.2-STABLE) - 2011-09-28 08:47:17 UTC (RELENG_8_2, 8.2-RELEASE-p3) - 2011-09-28 08:47:17 UTC (RELENG_8_1, 8.1-RELEASE-p5) - 2011-09-28 08:47:17 UTC (RELENG_9, 9.0-RC1) -CVE Name: CVE-2011-2895 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -I. Background - -The compress utility reduces the size of files using adaptive Lempel-Ziv -coding, or LZW coding, a lossless data compression algorithm. - -Both compress(1) and gzip(1) uses code derived from 4.3BSD compress(1). - -II. Problem Description - -The code used to decompress a file created by compress(1) does not do -sufficient boundary checks on compressed code words, allowing reference -beyond the decompression table, which may result in a stack overflow or -an infinite loop when the decompressor encounters a corrupted file. - -III. Impact - -An attacker who can cause a corrupt archive of his choice to be parsed -by uncompress(1) or gunzip(1), can cause these utilities to enter an -infinite loop, to core dump, or possibly to execute arbitrary code -provided by the attacker. - -IV. Workaround - -No workaround is available, but systems not handling adaptive Lempel-Ziv -compressed files (.Z) from untrusted source are not vulnerable. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to -the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security -branch dated after the correction date. - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to FreeBSD 7.4, 7.3, -8.2 and 8.1 systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch http://security.FreeBSD.org/patches/SA-11:04/compress.patch -# fetch http://security.FreeBSD.org/patches/SA-11:04/compress.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch -# cd /usr/src/usr.bin/compress -# make obj && make depend && make && make install -# cd /usr/src/usr.bin/gzip -# make obj && make depend && make && make install - -3) To update your vulnerable system via a binary patch: - -Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on -the i386 or amd64 platforms can be updated via the freebsd-update(8) -utility: - -# freebsd-update fetch -# freebsd-update install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -CVS: - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_7 - src/usr.bin/compress/zopen.c 1.12.10.1 - src/usr.bin/gzip/zuncompress.c 1.1.4.3 -RELENG_7_4 - src/UPDATING 1.507.2.36.2.5 - src/sys/conf/newvers.sh 1.72.2.18.2.8 - src/usr.bin/compress/zopen.c 1.12.26.2 - src/usr.bin/gzip/zuncompress.c 1.1.4.1.4.2 -RELENG_7_3 - src/UPDATING 1.507.2.34.2.9 - src/sys/conf/newvers.sh 1.72.2.16.2.11 - src/usr.bin/compress/zopen.c 1.12.24.2 - src/usr.bin/gzip/zuncompress.c 1.1.4.1.2.2 -RELENG_8 - src/usr.bin/compress/zopen.c 1.12.22.2 - src/usr.bin/gzip/zuncompress.c 1.2.2.3 -RELENG_8_2 - src/UPDATING 1.632.2.19.2.5 - src/sys/conf/newvers.sh 1.83.2.12.2.8 - src/usr.bin/compress/zopen.c 1.12.22.1.6.2 - src/usr.bin/gzip/zuncompress.c 1.2.2.1.6.2 -RELENG_8_1 - src/UPDATING 1.632.2.14.2.8 - src/sys/conf/newvers.sh 1.83.2.10.2.9 - src/usr.bin/compress/zopen.c 1.12.22.1.4.2 - src/usr.bin/gzip/zuncompress.c 1.2.2.1.4.2 -RELENG_9 - src/usr.bin/compress/zopen.c 1.16.2.2 - src/usr.bin/gzip/zuncompress.c 1.4.2.2 -- ------------------------------------------------------------------------- - -Subversion: - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/7/ r225827 -releng/7.4/ r225827 -releng/7.3/ r225827 -stable/8/ r225827 -releng/8.2/ r225827 -releng/8.1/ r225827 -stable/9/ r225827 -- ------------------------------------------------------------------------- - -VII. References - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895 - -The latest revision of this advisory is available at -http://security.FreeBSD.org/advisories/FreeBSD-SA-11:04.compress.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.18 (FreeBSD) - -iEYEARECAAYFAk6C4nIACgkQFdaIBMps37LymQCgmW2YYsSqvjxhiuHXt0bCcCgd -K5YAnA0/Z8++C6TKtUJ5Bzogd80a9OEd -=I+0k ------END PGP SIGNATURE----- |