From owner-freebsd-security@FreeBSD.ORG Wed Jul 6 14:08:48 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C9D216A41C; Wed, 6 Jul 2005 14:08:48 +0000 (GMT) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B899543D49; Wed, 6 Jul 2005 14:08:47 +0000 (GMT) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j66E8l5D081889; Wed, 6 Jul 2005 14:08:47 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j66E8les081887; Wed, 6 Jul 2005 14:08:47 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 6 Jul 2005 14:08:47 GMT Message-Id: <200507061408.j66E8les081887@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: FreeBSD Security Advisory FreeBSD-SA-05:16.zlib X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: security-advisories@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jul 2005 14:08:48 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:16.zlib Security Advisory The FreeBSD Project Topic: Buffer overflow in zlib Category: core Module: libz Announced: 2005-07-06 Credits: Tavis Ormandy Affects: FreeBSD 5.3, FreeBSD 5.4 Corrected: 2005-07-06 14:01:11 UTC (RELENG_5, 5.4-STABLE) 2005-07-06 14:01:30 UTC (RELENG_5_4, 5.4-RELEASE-p4) 2005-07-06 14:01:52 UTC (RELENG_5_3, 5.3-RELEASE-p18) CVE Name: CAN-2005-2096 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background zlib is a compression library used by numerous applications to provide data compression/decompression routines. II. Problem Description An error in the handling of corrupt compressed data streams can result in a buffer being overflowed. III. Impact By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt, causing a denial of service; or it may result in the attacker gaining elevated privileges. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or RELENG_5_3 security branch dated after the correction date. 2) To patch your present system: The following patch has been verified to apply to FreeBSD 5.3 and 5.4 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libz/ # make obj && make depend && make && make install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_5 src/lib/libz/inftrees.c 1.4.2.2 RELENG_5_4 src/UPDATING 1.342.2.24.2.13 src/sys/conf/newvers.sh 1.62.2.18.2.9 src/lib/libz/inftrees.c 1.4.6.1 RELENG_5_3 src/UPDATING 1.342.2.13.2.21 src/sys/conf/newvers.sh 1.62.2.15.2.23 src/lib/libz/inftrees.c 1.4.4.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 The latest revision of this advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFCy+TYFdaIBMps37IRAqB2AJ4j+wdqj1zJJZdTjskufo7rrsHhcwCgi0SZ wXRUgGbgl/DtNzyvHi7t/bc= =anun -----END PGP SIGNATURE-----