1. Forum
  2. Usenet
  3. COMP.UNIX.BSD.FREEBSD.ANN

  • FreeBSD Security Advisory FreeBSD-SA-22:13.zlib

    From FreeBSD Security Advisories@21:1/5 to All on Wed Aug 31 00:00:11 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    ============================================================================= FreeBSD-SA-22:13.zlib Security Advisory
    The FreeBSD Project

    Topic: zlib heap buffer overflow

    Category: contrib
    Module: zlib
    Announced: 2022-08-30
    Credits: Evgeny Legerov of @intevydis
    Affects: All supported versions of FreeBSD.
    Corrected: 2022-08-09 14:40:35 UTC (stable/13, 13.1-STABLE)
    2022-08-30 23:02:48 UTC (releng/13.1, 13.1-RELEASE-p2)
    2022-08-30 22:57:49 UTC (releng/13.0, 13.0-RELEASE-p13)
    2022-08-09 14:45:04 UTC (stable/12, 12.3-STABLE)
    2022-08-30 23:16:45 UTC (releng/12.3, 12.3-RELEASE-p7)
    CVE Name: CVE-2022-37434

    For general information regarding FreeBSD Security Advisories,
    including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

    I. Background

    zlib is a software library implementing compression and decompression.
    It is used in various places in the FreeBSD kernel and userland.

    II. Problem Description

    zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
    in inflate in inflate.c via a large gzip header extra field.

    III. Impact

    Applications that call inflateGetHeader may be vulnerable to a buffer
    overflow. Note that inflateGetHeader is not used by anything in the
    FreeBSD base system, but may be used by third party software.

    IV. Workaround

    No workaround is available, but applications that do not call
    inflateGetHeader are not vulnerable.

    V. Solution

    Upgrade your vulnerable system to a supported FreeBSD stable or
    release / security branch (releng) dated after the correction date, and
    restart daemons if necessary.

    Perform one of the following:

    1) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the amd64, i386, or
    (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility:

    # freebsd-update fetch
    # freebsd-update install

    2) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable
    FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the
    detached PGP signature using your PGP utility.

    # fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch
    # fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch.asc
    # gpg --verify zlib.patch.asc

    b) Apply the patch. Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

    Restart all daemons that use the library, or reboot the system.

    VI. Correction details

    This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches:

    Branch/path Hash Revision
    - ------------------------------------------------------------------------- stable/13/ 10cc2bf5f7a5 stable/13-n252073 releng/13.1/ 289231c9634a releng/13.1-n250156 releng/13.0/ 77cd23716ffb releng/13.0-n244808 stable/12/ r372370 releng/12.3/ r372460
    - -------------------------------------------------------------------------

    For FreeBSD 13 and later:

    Run the following command to see which files were modified by a
    particular commit:

    # git show --stat <commit hash>

    Or visit the following URL, replacing NNNNNN with the hash:

    <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

    To determine the commit count in a working tree (for comparison against
    nNNNNNN in the table above), run:

    # git rev-list --count --first-parent HEAD

    For FreeBSD 12 and earlier:

    Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number:

    # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

    VII. References

    <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434>

    The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:13.zlib.asc> -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmMOoG4ACgkQ05eS9J6n 5cIITA//WMND8i3L8agw4QBMZTmL8M6bbbKK+eua7bhH4MNxguruULwcWNoHvhuO +ebgomd4cWlPfY2TJcpd9OCXCjuMGMLvwE6XmPlGzW5DuMdD893wWPdsYJtDK+6p yMSihFyZP+ELWFbLeO3SFedRRKBQiDEmO3X2oOR1Ukj5wjsUOFPv0/dLphyBiq3t 3tn/0O9NfAmyONvHSozoVs34MIFC9Qc/8oxlp5wKjomFn6OifPRwNu4yeWDfVL/c 11IwotsKNTR6QNckdNBwbFC2NwdWfl8Tqv7gbJ3PhXDlzCDC5hOQoIeOol3Nf8et 9+FjCr9y/jTH0tzEHCgevO3U711UZYIu2s+STHTlJRNly/n+2CMG+YOn1XkKtu6A 4x4Pw+YRHl5VesQCNcJOkwVwRiyrirp5yOaaUPhSKo0teykypgV/WS9Z1U0VVfGP xgxJ7ElcT2HoNiz06QUSG374dPyEBKqoZTo/g2tJ0mL17JLW7IAtlUpIHzU475YR 1itARL0z7O3bbUa/h35LxRTCxT2Ojt0qZO9WsS4dIraz2gb8QbHkgUXETnLAx9Ih UwaPrLGkzqpMjkQFASDS+LeacFOZARdxT/tUFwTRCQI27Aujl1OJzy7t0drL5I9f pO529OH4plSsT0x4j89tAUZxIHB2RQet94777vP4T0J5UcBegxc=
    =y87U
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)