From nobody Tue Aug 30 23:58:03 2022 X-Original-To: freebsd-security-notifications@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MHPQ41Vklz4bbrq for ; Tue, 30 Aug 2022 23:58:04 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MHPQ36R9Xz3tvp; Tue, 30 Aug 2022 23:58:03 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1661903883; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=6rssDb3T9BBX2U+/3k1dpfkKUxPhuPclLo5guXBvpSk=; b=DC330OktsQ6+yDxgI8RHnijvwaOHDszsLT54Pq1oxB/QqEm/7LPM4nssN3IAClf0vKvDBp SXrFiTszTPoXJkikywa+kLGNtSKAeoek5xSjIGUabDh/kZ6++allJctOMYImotWV7jrQWI uXQg0CKhZEHreERilnR9kW/a5wf9lJ/ase+04Yl+M3QA8acQi8g9odahdD0bpRd1QUDIDm TT49xgkqTNny4ovVgXAIhTdhEEZu4/tcA3kmw2jMW3BIREgQTbUYHy/UbRSOEedRVhZCbZ d8eho41Lc9GOUEVJo38COUSisFXxoSC0h9ootEXfpryPKpDr251dYVWRMNbvjg== Received: by freefall.freebsd.org (Postfix, from userid 945) id BEF1110B7E; Tue, 30 Aug 2022 23:58:03 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-22:13.zlib Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20220830235803.BEF1110B7E@freefall.freebsd.org> Date: Tue, 30 Aug 2022 23:58:03 +0000 (UTC) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1661903883; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=6rssDb3T9BBX2U+/3k1dpfkKUxPhuPclLo5guXBvpSk=; b=VdSbuCmze/XtPZJBfwuskEnbMV/yGOYSIF0S30jrWtkrAQyu9w/asOQomZZE2nzudqNJPF QbZMTRNcuZB23G8hmf0SOmTaNogNYgStGJ23sy91j3TSLfAIN4DIuUx6rPAhg3BqaGNSTx kTQ9lshs5ii4yDmY743fFDT+UfVddB4I4QP9FTgruRKlGcUGbk6UwCyB80dAJFaKDzXyK2 F/S3UmxkWOP3zG1bY5bXJSceJM94w2R3FZ7inOL1etLFjThmXXqOTz0PSUmVuF1ltdGaoB We/bPeEU2/6vj7LCahcP8N6B5ZLvsjnhS5VVMxjeGPcK8eRsEmaQ+4oMyz/0hQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1661903883; a=rsa-sha256; cv=none; b=YgQe+MSXhkDazZoXmlvHQLIpFkn84bk0XOufeHdf9+GkCJ4uCG1ydW1dQtpVdsHxZPSBQr NVeEdvkZv3wCaHahhfJLIricN/k++84rvRZbjCBvYe1p9xgOAraXRSlTsjf0mho59zdNWV qT6YisGxQRDqxiM9d1zwEZWaQCoLAuR/E+8nulM+QAsHTUK/zwErz0qXXOESC2crEoPYus z96H/QOlbQze+9uROQcfEH+ghPflQQoHciP6DB8vbYU75ClYIbGF8hDVWi9zei2GHownoD duO7oLImpr5qHoAueRZiptQvaq20nnkYREaUkVAxYXIPLdVyHgGmtdKNjjT/aQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N List-Id: Moderated Security Notifications [moderated, low volume] List-Archive: https://lists.freebsd.org/archives/freebsd-security-notifications List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security-notifications@freebsd.org X-BeenThere: freebsd-security-notifications@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:13.zlib Security Advisory The FreeBSD Project Topic: zlib heap buffer overflow Category: contrib Module: zlib Announced: 2022-08-30 Credits: Evgeny Legerov of @intevydis Affects: All supported versions of FreeBSD. Corrected: 2022-08-09 14:40:35 UTC (stable/13, 13.1-STABLE) 2022-08-30 23:02:48 UTC (releng/13.1, 13.1-RELEASE-p2) 2022-08-30 22:57:49 UTC (releng/13.0, 13.0-RELEASE-p13) 2022-08-09 14:45:04 UTC (stable/12, 12.3-STABLE) 2022-08-30 23:16:45 UTC (releng/12.3, 12.3-RELEASE-p7) CVE Name: CVE-2022-37434 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background zlib is a software library implementing compression and decompression. It is used in various places in the FreeBSD kernel and userland. II. Problem Description zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. III. Impact Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in the FreeBSD base system, but may be used by third party software. IV. Workaround No workaround is available, but applications that do not call inflateGetHeader are not vulnerable. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and restart daemons if necessary. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch # fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch.asc # gpg --verify zlib.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 10cc2bf5f7a5 stable/13-n252073 releng/13.1/ 289231c9634a releng/13.1-n250156 releng/13.0/ 77cd23716ffb releng/13.0-n244808 stable/12/ r372370 releng/12.3/ r372460 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmMOoG4ACgkQ05eS9J6n 5cIITA//WMND8i3L8agw4QBMZTmL8M6bbbKK+eua7bhH4MNxguruULwcWNoHvhuO +ebgomd4cWlPfY2TJcpd9OCXCjuMGMLvwE6XmPlGzW5DuMdD893wWPdsYJtDK+6p yMSihFyZP+ELWFbLeO3SFedRRKBQiDEmO3X2oOR1Ukj5wjsUOFPv0/dLphyBiq3t 3tn/0O9NfAmyONvHSozoVs34MIFC9Qc/8oxlp5wKjomFn6OifPRwNu4yeWDfVL/c 11IwotsKNTR6QNckdNBwbFC2NwdWfl8Tqv7gbJ3PhXDlzCDC5hOQoIeOol3Nf8et 9+FjCr9y/jTH0tzEHCgevO3U711UZYIu2s+STHTlJRNly/n+2CMG+YOn1XkKtu6A 4x4Pw+YRHl5VesQCNcJOkwVwRiyrirp5yOaaUPhSKo0teykypgV/WS9Z1U0VVfGP xgxJ7ElcT2HoNiz06QUSG374dPyEBKqoZTo/g2tJ0mL17JLW7IAtlUpIHzU475YR 1itARL0z7O3bbUa/h35LxRTCxT2Ojt0qZO9WsS4dIraz2gb8QbHkgUXETnLAx9Ih UwaPrLGkzqpMjkQFASDS+LeacFOZARdxT/tUFwTRCQI27Aujl1OJzy7t0drL5I9f pO529OH4plSsT0x4j89tAUZxIHB2RQet94777vP4T0J5UcBegxc= =y87U -----END PGP SIGNATURE-----