* zlib vulnerability and modutils
@ 2002-03-11 22:56 Keith Owens
2002-03-11 23:45 ` Ville Herva
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Keith Owens @ 2002-03-11 22:56 UTC (permalink / raw)
To: linux-kernel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
A double free vulnerability has been found in zlib which can be used in
a DoS or possibly in an exploit. Distributions are now shipping
upgraded versions of zlib, installing the new version of zlib will fix
programs that use the shared library.
modutils has an option --enable-zlib which lets modprobe and insmod
read modules that have been compressed with gzip. If you built your
modutils with --enable-zlib and are using insmod.static then you must
rebuild modutils after first upgrading zlib. This only applies if
modutils was built with --enable-zlib (the default is not to use zlib)
and you also use static versions of modutils.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Exmh version 2.1.1 10/15/1999
iD8DBQE8jTYQi4UHNye0ZOoRAnnhAKCrNZ2l8i1JHEVY3fJBnGYrpqAEBgCcDM0q
tPtmhPq2fdJODlfzLlAatmU=
=8r7c
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: zlib vulnerability and modutils 2002-03-11 22:56 zlib vulnerability and modutils Keith Owens @ 2002-03-11 23:45 ` Ville Herva 2002-03-12 0:04 ` David Woodhouse 2002-03-12 9:48 ` Ville Herva 2 siblings, 0 replies; 7+ messages in thread From: Ville Herva @ 2002-03-11 23:45 UTC (permalink / raw) To: linux-kernel On Tue, Mar 12, 2002 at 09:56:20AM +1100, you [Keith Owens] wrote: > Content-Type: text/plain; charset=us-ascii > > A double free vulnerability has been found in zlib which can be used in > a DoS or possibly in an exploit. Distributions are now shipping > upgraded versions of zlib, installing the new version of zlib will fix > programs that use the shared library. Is there a patch for the kernel ppp zlib implementation available somewhere? I'd like to patch the kernels I'm running rather than stuffing a random vendor kernel to the boxes... -- v -- v@iki.fi ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: zlib vulnerability and modutils 2002-03-11 22:56 zlib vulnerability and modutils Keith Owens 2002-03-11 23:45 ` Ville Herva @ 2002-03-12 0:04 ` David Woodhouse 2002-03-12 0:08 ` Ville Herva 2002-03-12 9:48 ` Ville Herva 2 siblings, 1 reply; 7+ messages in thread From: David Woodhouse @ 2002-03-12 0:04 UTC (permalink / raw) To: Ville Herva; +Cc: linux-kernel vherva@niksula.hut.fi said: > Is there a patch for the kernel ppp zlib implementation available > somewhere? I'd like to patch the kernels I'm running rather than > stuffing a random vendor kernel to the boxes... ftp://ftp.kernel.org/pub/linux/kernel/people/dwmw2/linux-2.4.19-shared-zlib.bz2 That's a backport of the shared zlib from 2.5.6. As it does all its memory allocation beforehand, I _assume_ it doesn't suffer the same problem. It may be a little more intrusive than you wanted though. -- dwmw2 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: zlib vulnerability and modutils 2002-03-12 0:04 ` David Woodhouse @ 2002-03-12 0:08 ` Ville Herva 2002-03-12 9:46 ` Ville Herva 0 siblings, 1 reply; 7+ messages in thread From: Ville Herva @ 2002-03-12 0:08 UTC (permalink / raw) To: David Woodhouse; +Cc: linux-kernel On Tue, Mar 12, 2002 at 12:04:53AM +0000, you [David Woodhouse] wrote: > > vherva@niksula.hut.fi said: > > Is there a patch for the kernel ppp zlib implementation available > > somewhere? I'd like to patch the kernels I'm running rather than > > stuffing a random vendor kernel to the boxes... > > ftp://ftp.kernel.org/pub/linux/kernel/people/dwmw2/linux-2.4.19-shared-zlib.bz2 > > That's a backport of the shared zlib from 2.5.6. As it does all its > memory allocation beforehand, I _assume_ it doesn't suffer the same problem. Thanks. > It may be a little more intrusive than you wanted though. Quite possibly -- at least considering that some of the kernels I run are still 2.2.x and even 2.0.x... I'll have a look anyway. -- v -- v@iki.fi ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: zlib vulnerability and modutils 2002-03-12 0:08 ` Ville Herva @ 2002-03-12 9:46 ` Ville Herva 2002-03-12 13:37 ` Ville Herva 0 siblings, 1 reply; 7+ messages in thread From: Ville Herva @ 2002-03-12 9:46 UTC (permalink / raw) To: David Woodhouse, linux-kernel On Tue, Mar 12, 2002 at 02:08:28AM +0200, you [Ville Herva] wrote: > > > > It may be a little more intrusive than you wanted though. > > Quite possibly -- at least considering that some of the kernels I run are > still 2.2.x and even 2.0.x... I suppose this patch http://cvs.samba.org/cgi-bin/cvsweb/rsync/zlib/infblock.c.diff?r1=text&tr1=1.2&r2=text&tr2=1.6&f=u i closer to what I need. It seems most vendors have only patched ppp's zlib implementation (drivers/net/zlib.c). I couldn't find that particular patch in redhat update kernel .src.rpm, tough. I guess I'll have to apply the zlib diff by hand. -- v -- v@iki.fi ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: zlib vulnerability and modutils 2002-03-12 9:46 ` Ville Herva @ 2002-03-12 13:37 ` Ville Herva 0 siblings, 0 replies; 7+ messages in thread From: Ville Herva @ 2002-03-12 13:37 UTC (permalink / raw) To: David Woodhouse, linux-kernel On Tue, Mar 12, 2002 at 11:46:42AM +0200, you [Ville Herva] wrote: > On Tue, Mar 12, 2002 at 02:08:28AM +0200, you [Ville Herva] wrote: > > > > > > It may be a little more intrusive than you wanted though. > > > > Quite possibly -- at least considering that some of the kernels I run are > > still 2.2.x and even 2.0.x... > > I suppose this patch > > http://cvs.samba.org/cgi-bin/cvsweb/rsync/zlib/infblock.c.diff?r1=text&tr1=1.2&r2=text&tr2=1.6&f=u > > is closer to what I need. It seems most vendors have only patched ppp's zlib > implementation (drivers/net/zlib.c). I couldn't find that particular patch > in redhat update kernel .src.rpm, tough. I guess I'll have to apply the zlib > diff by hand. Ok, I found the following in the redhat errata kernel .src.rpm. It was well hidden in ipvs-1.0.6-2.2.19.patch... I guess this is the same that Arjan sent to Alan. However, this does not apply to 2.0. -- v -- v@iki.fi --- linux/drivers/net/zlib.c Fri Feb 8 10:35:28 2001 +++ linux/drivers/net/zlib.c Fri Feb 8 10:35:30 2001 @@ -3860,10 +3860,11 @@ &s->sub.trees.tb, z); if (t != Z_OK) { - ZFREE(z, s->sub.trees.blens); r = t; - if (r == Z_DATA_ERROR) + if (r == Z_DATA_ERROR) { s->mode = BADB; + ZFREE(z, s->sub.trees.blens); + } LEAVE } s->sub.trees.index = 0; @@ -3928,14 +3929,16 @@ #endif t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f), s->sub.trees.blens, &bl, &bd, &tl, &td, z); - ZFREE(z, s->sub.trees.blens); if (t != Z_OK) { - if (t == (uInt)Z_DATA_ERROR) + if (t == (uInt)Z_DATA_ERROR) { s->mode = BADB; + ZFREE(z, s->sub.trees.blens); + } r = t; LEAVE } + ZFREE(z, s->sub.trees.blens); Tracev((stderr, "inflate: trees ok, %d * %d bytes used\n", inflate_hufts, sizeof(inflate_huft))); if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL) ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: zlib vulnerability and modutils 2002-03-11 22:56 zlib vulnerability and modutils Keith Owens 2002-03-11 23:45 ` Ville Herva 2002-03-12 0:04 ` David Woodhouse @ 2002-03-12 9:48 ` Ville Herva 2 siblings, 0 replies; 7+ messages in thread From: Ville Herva @ 2002-03-12 9:48 UTC (permalink / raw) To: Keith Owens; +Cc: linux-kernel On Tue, Mar 12, 2002 at 09:56:20AM +1100, you [Keith Owens] wrote: > Content-Type: text/plain; charset=us-ascii > > A double free vulnerability has been found in zlib which can be used in > a DoS or possibly in an exploit. Distributions are now shipping > upgraded versions of zlib, installing the new version of zlib will fix > programs that use the shared library. > > modutils has an option --enable-zlib which lets modprobe and insmod > read modules that have been compressed with gzip. If you built your > modutils with --enable-zlib and are using insmod.static then you must > rebuild modutils after first upgrading zlib. This only applies if > modutils was built with --enable-zlib (the default is not to use zlib) > and you also use static versions of modutils. I'm propably missing something, but if you load untrusted kernel modules (compressed or not), isn't the zlib vulnerability least of your concerns? -- v -- v@iki.fi ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2002-03-12 13:38 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2002-03-11 22:56 zlib vulnerability and modutils Keith Owens 2002-03-11 23:45 ` Ville Herva 2002-03-12 0:04 ` David Woodhouse 2002-03-12 0:08 ` Ville Herva 2002-03-12 9:46 ` Ville Herva 2002-03-12 13:37 ` Ville Herva 2002-03-12 9:48 ` Ville Herva
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.