diff options
Diffstat (limited to 'website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc')
| -rw-r--r-- | website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc | 155 |
1 files changed, 155 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc b/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc new file mode 100644 index 0000000000..14ba774c80 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:08.zlib Security Advisory + The FreeBSD Project + +Topic: zlib compression out-of-bounds write + +Category: zlib +Module: contrib +Announced: 2022-04-06 +Credits: Danilo Ramos of Eideticom + Tavis Ormandy of Google Project Zero +Affects: All supported versions of FreeBSD. +Corrected: 2022-04-04 19:30:33 UTC (stable/13, 13.1-STABLE) + 2022-04-04 20:02:42 UTC (releng/13.1, 13.1-RC1-p1) + 2022-04-06 03:04:19 UTC (releng/13.0, 13.0-RELEASE-p11) + 2022-04-04 01:07:59 UTC (stable/12, 12.3-STABLE) + 2022-04-06 03:06:39 UTC (releng/12.3, 12.3-RELEASE-p5) +CVE Name: CVE-2018-25032 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +zlib is a compression library used by numerous applications, as well as some +FreeBSD kernel components, to provide data compression/decompression +routines. + +II. Problem Description + +Certain inputs can cause zlib's compression routine to overwrite an internal +buffer with compressed data. This issue may require the use of uncommon or +non-default compression parameters. + +III. Impact + +The out-of-bounds write may result in memory corruption and an application +crash or kernel panic. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:08/zlib.patch +# fetch https://security.FreeBSD.org/patches/SA-22:08/zlib.patch.asc +# gpg --verify zlib.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>. + +Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ c4727a47f18c stable/13-n250251 +releng/13.1/ f5196112e8bd releng/13.1-n250070 +releng/13.0/ 9854ff088002 releng/13.0-n244799 +stable/12/ r371856 +releng/12.3/ r371875 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<other info on vulnerability> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:08.zlib.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDgcACgkQ05eS9J6n +5cKzTxAAm61INadG6kdCuFYEYez9Fb3bT0L+bVElfmVhiQ80BqVKwE7EpeNN+OUC +820eYu5KnSGT2SKq6IIi605MUvhjpECLdjmdIEbER6G97nWxwSEEhpQ64br+3ely +J7SJWYpR5ydsxOYitICHV6YDJNK2mIMl0IYhSPgJqwb0zMWIupGPYisgdlqUSJV4 +SVxqQL8Z1GE+rUW2Br3QamENXkRRZwIUNpAxGfGK+YWjqjZ+378y6R5nj4+TL3c8 ++kDKL4jLyyQxnmkhLjfdX2sFOhI7bxcsmj0JuutAaCwvxlZ8gPglKMKZLEz4fula +hA6AuFFGpgoPpP2ZCThXglJ4UWYrPJhRX7c5G1W/mdaLZACeHwz+1SOW6v0Ud0GI +fxI6uweov8zDp5RIjWHU5Ir40nE3WqwYVGamy4xWN0PnrfzYlMidP7bV9pakalUn +lkXPIcFmgY6Yc8efPsHGoyskIjarquZ8gNqAv6CmumaHiu20PcPNXbwuMIVGABcf +p1WEIOYD8C1eDsPnR+QiFj9/8JcN/MyElJOz8wFr/XdRkixGx2mqCxQt9d8QDAaF +84/phYipwC1rdPjQs9HTcI6x52+MiyJGU+W6o27uS2vIQYycqkCjc08viZP5bNKT +kt281rEoIcvmv9HUzMXvjLzWGTGvGLw9lf5PueMzZwbkGV4o1fY= +=7Iaq +-----END PGP SIGNATURE----- |