From: curt
Date: Mon, 11 Mar 2002 23:03:19 +0000 (+0000)
Subject: zlib-1.1.3 had a potential security flaw which is fixed by zlib-1.1.4:
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f6ed02c3fb45de8e63a28a785cd0b5e6ee5d1978;p=simgear.git

zlib-1.1.3 had a potential security flaw which is fixed by zlib-1.1.4:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zlib Advisory 2002-03-11
zlib Compression Library Corrupts malloc Data Structures via Double Free

Original release date: March 11, 2002
Last revised: March 11, 2002
Source: This advisory is based on a CERT advisory written by Jeffrey P. Lanza http://www.kb.cert.org/vuls/id/368819

Systems Affected

* Any software that is linked against zlib 1.1.3 or earlier
* Any data compression library derived from zlib 1.1.3 or earlier

Overview

There is a vulnerability in the zlib shared library that may introduce vulnerabilities into any program that includes zlib. This vulnerability has been assigned a CVE name of CAN-2002-0059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059

I. Description

There is a vulnerability in the decompression algorithm used by the popular zlib compression library. If an attacker is able to pass a specially-crafted block of invalid compressed data to a program that includes zlib, the program's attempt to decompress the crafted data can cause the zlib routines to corrupt the internal data structures maintained by malloc.

The vulnerability results from a programming error that causes segments of dynamically allocated memory to be released more than once (aka. "double-freed"). Specifically, when inftrees.c:huft_build() encounters the crafted data, it returns an unexpected Z_MEM_ERROR to inftrees.c:inflate_trees_dynamic(). When a subsequent call is made to infblock.c:inflate_blocks(), the inflate_blocks function tries to free an internal data structure a second time.

Because this vulnerability interferes with the proper allocation and de-allocation of dynamic memory, it may be possible for an attacker to influence the operation of programs that include zlib. In most circumstances, this influence will be limited to denial of service or information leakage, but it is theoretically possible for an attacker to insert arbitrary code into a running program. This code would be executed with the permissions of the vulnerable program.

II. Impact

This vulnerability may introduce vulnerabilities into any program that includes the affected library. Depending upon how and where the zlib routines are called from the given program, the resulting vulnerability may have one or more of the following impacts: denial of service, information leakage, or execution of arbitrary code.

III. Solution

Upgrade your version of zlib

The maintainers of zlib have released version 1.1.4 to address this vulnerability. Any software that is linked against or derived from an earlier version of zlib should be upgraded immediately.

The latest version of zlib is available at http://www.zlib.org

The md5 sums of the source archives are:

abc405d0bdd3ee22782d7aa20e440f08 zlib-1.1.4.tar.gz
ea16358be41384870acbdc372f9db152 zlib-1.1.4.tar.bz2

IV. Acknowledgments

Thanks to Owen Taylor and Mark Cox of Redhat, Inc. for the reporting and research of this vulnerability.

This document is available from http://www.gzip.org/zlib/advisory-2002-03-11.txt

The public PGP key of zlib author Jean-loup Gailly is available from http://www.gzip.org/zlib/jloup.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8jSR02aJ9JQGWcacRAuDEAKCWdrRkWeJV9lYU5z8NN56s3m8eKACglR4m
42KDUGHuftBkwACTMCnZLEo=
=3yLS
-----END PGP SIGNATURE-----
--- diff --git a/Makefile.am b/Makefile.am index 51bf46fc..686b138b 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -7,7 +7,7 @@ EXTRA_DIST = \ SimGear.dsp \ SimGear.dsw \ metakit-2.4.2-32.tar.gz \ - zlib-1.1.3.tar.gz + zlib-1.1.4.tar.gz SUBDIRS = simgear diff --git a/README.zlib b/README.zlib index d6e870de..6df27439 100644 --- a/README.zlib +++ b/README.zlib @@ -23,10 +23,11 @@ We now send you to the official zlib README ... ============================================================================= -zlib 1.1.3 is a general purpose data compression library. All the code + +zlib 1.1.4 is a general purpose data compression library. All the code is thread safe. The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files -ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate +http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). These documents are also available in other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html 
@@ -39,51 +40,50 @@ except example.c and minigzip.c. To compile all files and run the test program, follow the instructions given at the top of Makefile. In short "make test; make install" -should work for most machines. For Unix: "configure; make test; make install" +should work for most machines. For Unix: "./configure; make test; make install" For MSDOS, use one of the special makefiles such as Makefile.msc. For VMS, use Make_vms.com or descrip.mms. -Questions about zlib should be sent to , or to +Questions about zlib should be sent to , or to Gilles Vollant for the Windows DLL version. -The zlib home page is http://www.cdrom.com/pub/infozip/zlib/ -The official zlib ftp site is ftp://ftp.cdrom.com/pub/infozip/zlib/ -Before reporting a problem, please check those sites to verify that +The zlib home page is http://www.zlib.org or http://www.gzip.org/zlib/ +Before reporting a problem, please check this site to verify that you have the latest version of zlib; otherwise get the latest version and check whether the problem still exists or not. -Mark Nelson wrote an article about zlib for the Jan. 1997 +PLEASE read the zlib FAQ http://www.gzip.org/zlib/zlib_faq.html +before asking for help. + +Mark Nelson wrote an article about zlib for the Jan. 1997 issue of Dr. Dobb's Journal; a copy of the article is available in -http://web2.airmail.net/markn/articles/zlibtool/zlibtool.htm - -The changes made in version 1.1.3 are documented in the file ChangeLog. 
-The main changes since 1.1.2 are: - -- fix "an inflate input buffer bug that shows up on rare but persistent - occasions" (Mark) -- fix gzread and gztell for concatenated .gz files (Didier Le Botlan) -- fix gzseek(..., SEEK_SET) in write mode -- fix crc check after a gzeek (Frank Faubert) -- fix miniunzip when the last entry in a zip file is itself a zip file - (J Lillge) -- add contrib/asm586 and contrib/asm686 (Brian Raiter) - See http://www.muppetlabs.com/~breadbox/software/assembly.html -- add support for Delphi 3 in contrib/delphi (Bob Dellaca) -- add support for C++Builder 3 and Delphi 3 in contrib/delphi2 (Davide Moretti) -- do not exit prematurely in untgz if 0 at start of block (Magnus Holmgren) -- use macro EXTERN instead of extern to support DLL for BeOS (Sander Stoks) -- added a FAQ file - -plus many changes for portability. +http://dogma.net/markn/articles/zlibtool/zlibtool.htm + +The changes made in version 1.1.4 are documented in the file ChangeLog. +The only changes made since 1.1.3 are bug corrections: + +- ZFREE was repeated on same allocation on some error conditions. + This creates a security problem described in + http://www.zlib.org/advisory-2002-03-11.txt +- Returned incorrect error (Z_MEM_ERROR) on some invalid data +- Avoid accesses before window for invalid distances with inflate window + less than 32K. +- force windowBits > 8 to avoid a bug in the encoder for a window size + of 256 bytes. (A complete fix will be available in 1.1.5). + +The beta version 1.1.5beta includes many more changes. A new official +version 1.1.5 will be released as soon as extensive testing has been +completed on it. + Unsupported third party contributions are provided in directory "contrib". 
-A Java implementation of zlib is available in the Java Development Kit 1.1 +A Java implementation of zlib is available in the Java Development Kit http://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html -See the zlib home page http://www.cdrom.com/pub/infozip/zlib/ for details. +See the zlib home page http://www.zlib.org for details. A Perl interface to zlib written by Paul Marquess -is in the CPAN (Comprehensive Perl Archive Network) sites, such as: -ftp://ftp.cis.ufl.edu/pub/perl/CPAN/modules/by-module/Compress/Compress-Zlib* +is in the CPAN (Comprehensive Perl Archive Network) sites +http://www.cpan.org/modules/by-module/Compress/ A Python interface to zlib written by A.M. Kuchling is available in Python 1.5 and later versions, see @@ -142,7 +142,7 @@ Acknowledgments: Copyright notice: - (C) 1995-1998 Jean-loup Gailly and Mark Adler + (C) 1995-2002 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff --git a/zlib-1.1.3.tar.gz b/zlib-1.1.3.tar.gz deleted file mode 100644 index b2bcf353..00000000 Binary files a/zlib-1.1.3.tar.gz and /dev/null differ diff --git a/zlib-1.1.4.tar.gz b/zlib-1.1.4.tar.gz new file mode 100644 index 00000000..c76b5d80 Binary files /dev/null and b/zlib-1.1.4.tar.gz differ
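
Review bot: In the Makefile.am hunk, zlib-1.1.4.tar.gz replaces zlib-1.1.3.tar.gz only in EXTRA_DIST, which controls what is shipped in the source distribution and not what the build links against. The advisory in the commit message lists "Any software that is linked against zlib 1.1.3 or earlier" as affected, so a build that picks up an older installed zlib stays exposed after this change. Nothing in this diff enforces a minimum version; consider a configure-time check that the zlib being linked is 1.1.4 or later.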
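
Review bot: In the README.zlib hunk at @@ -39,51 +40,50 @@, the security fix is recorded only inside the copied upstream text ("ZFREE was repeated on same allocation on some error conditions"), below the "We now send you to the official zlib README ..." divider. No hunk in this diff touches the lines above that divider, so the project-specific part of the file does not say that the bundled zlib changed for a security reason. A one-line pointer there to http://www.zlib.org/advisory-2002-03-11.txt would cover it. The added text also states that the windowBits fix is partial ("A complete fix will be available in 1.1.5"), which is worth a follow-up note.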
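
Review bot: The last two entries (zlib-1.1.3.tar.gz deleted, zlib-1.1.4.tar.gz added, both shown only as "Binary files ... differ") leave nothing in the diff to verify the new archive against. The advisory quoted in the commit message gives the md5 sum abc405d0bdd3ee22782d7aa20e440f08 for zlib-1.1.4.tar.gz; recording that value in README.zlib or in a checksum file beside the tarball would let anyone confirm that the vendored copy matches the upstream release.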
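
The double free described in the advisory in this commit message, shown as a constructed C analog: an error path releases a buffer and a later cleanup releases it again. This is an added example, not zlib's code and not the change made in 1.1.4; `t_alloc`, `t_free`, `build_table`, `decoder_reset` and `run_case` are hypothetical names, and clearing the pointer after release is one common hardening assumed here.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed analog of the advisory's double free; not zlib code. Released
   blocks are quarantined until drain(), so a second release is only counted. */
#define SLOTS 4
static struct { void *p; int released; } slot[SLOTS];
static int double_frees;

static void *t_alloc(size_t n) {
    for (int i = 0; i < SLOTS; i++)
        if (!slot[i].p) { slot[i].released = 0; return slot[i].p = malloc(n); }
    return NULL;
}
static void t_free(void *p) {
    for (int i = 0; p && i < SLOTS; i++)
        if (slot[i].p == p) {
            double_frees += slot[i].released;  /* 1 if already released */
            slot[i].released = 1;
            return;
        }
}
static void drain(void) {
    for (int i = 0; i < SLOTS; i++) { free(slot[i].p); slot[i].p = NULL; }
}

struct decoder { unsigned char *table; };
/* Error path: on invalid input the builder releases the table itself. */
static int build_table(struct decoder *d, int input_valid, int hardened) {
    if (!(d->table = t_alloc(64))) return -1;
    if (input_valid) return 0;
    t_free(d->table);
    if (hardened) d->table = NULL;  /* hardening: no stale pointer survives */
    return -1;
}
/* Later cleanup that does not know the error path already released it. */
static void decoder_reset(struct decoder *d) { t_free(d->table); d->table = NULL; }
/* Number of double frees observed for one decode attempt. */
int run_case(int input_valid, int hardened) {
    struct decoder d = { NULL };
    double_frees = 0;
    (void)build_table(&d, input_valid, hardened);
    decoder_reset(&d);
    drain();
    return double_frees;
}
int main(void) {
    printf("original: %d, hardened: %d\n", run_case(0, 0), run_case(0, 1));
    return 0;
}
```

The same counting idea can be applied to a real program through zlib's `zalloc`/`zfree` hooks in `z_stream`, which route the library's allocations through caller-supplied functions.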