Debian Bug report logs - #252253
SIGSEGV in zlib1g 1.2.1.1-3 with pwzip-file

version graph

Package: zlib1g; Maintainer for zlib1g is Mark Brown <broonie@debian.org>; Source for zlib1g is src:zlib.

Reported by: Johan Thelmén <johan.thelmen@cygate.se>

Date: Wed, 2 Jun 2004 11:18:03 UTC

Severity: important

Tags: confirmed, fixed-upstream, patch, upstream

Found in version 1.2.1.1-3

Fixed in version zlib/1:1.2.1.1-6

Done: Mark Brown <broonie@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Mark Brown <broonie@debian.org>:
Bug#252253; Package zlib1g. Full text and rfc822 format available.

Acknowledgement sent to Johan Thelmén <johan.thelmen@cygate.se>:
New Bug report received and forwarded. Copy sent to Mark Brown <broonie@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Johan Thelmén <johan.thelmen@cygate.se>
To: submit@bugs.debian.org
Subject: SIGSEGV in zlib1g 1.2.1.1-3 with pwzip-file
Date: Wed, 2 Jun 2004 13:06:36 +0200
Package: zlib1g
Version: 1.2.1.1-3
Severity: important

Debian verison 0.70 and also in clamscan / ClamAV version devel-20040602
ii  zlib1g                       1.2.1.1-3

With zlib1g_1.1.4-1.0woody0_i386.deb it is working.


inflate_table (type=LENS, lens=0x8c24c08, codes=281, table=0x8c24c04, bits=0x8c24bec, work=0x8c24e88) at inftrees.c:110
110             count[lens[sym]]++;
(gdb) bt
#0  inflate_table (type=LENS, lens=0x8c24c08, codes=281, table=0x8c24c04, bits=0x8c24bec, work=0x8c24e88) at inftrees.c:110
#1  0x4006745b in inflate (strm=0x8054db8, flush=0) at inflate.c:868
#2  0x400273d9 in zzip_file_read (fp=0x8054d90, buf=0x0, len=146951176) at zziplib/zzip-file.c:391
#3  0x4002169b in cli_scanzip (desc=7, virname=0xbffff7a8, scanned=0x80529dc, root=0x805b198, limits=0x8c27338, options=9,
    reclev=0xbffff784) at scanners.c:457
#4  0x40023139 in cli_magic_scandesc (desc=7, virname=0xbffff7a8, scanned=0x80529dc, root=0x805b198, limits=0x8c27338, options=9,
    reclev=0xbffff784) at scanners.c:1072
#5  0x40023362 in cl_scandesc (desc=146951176, virname=0x8c24c08, scanned=0x8c24c08, root=0x8c24c08, limits=0x8c24c08,
    options=146951176) at scanners.c:1136
#6  0x0804dac8 in checkfile (filename=0x8054c08 "3556419.4495.BKSO1kjuV", root=0x8c24c08, limits=0x8c24c08, options=146951176)
    at manager.c:832
#7  0x0804ca05 in scanfile (filename=0x8054c08 "3556419.4495.BKSO1kjuV", root=0x805b198, user=0x401f3f58, opt=0x8053008,
    limits=0x8c27338) at manager.c:513
#8  0x0804bdad in scanmanager (opt=0x8053008) at manager.c:307
#9  0x0804ab43 in clamscan (opt=0x8053008) at clamscan.c:147
#10 0x0804b2b8 in main (argc=2, argv=0xbffffb54) at options.c:149

-- 
Johan Thelmén
Cygate Måldata
Sweden Borlänge



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#252253; Package zlib1g. Full text and rfc822 format available.

Acknowledgement sent to Mark Brown <broonie@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 252253@bugs.debian.org (full text, mbox):

From: Mark Brown <broonie@debian.org>
To: Johan Thelmén <johan.thelmen@cygate.se>, 252253@bugs.debian.org
Subject: Re: Bug#252253: SIGSEGV in zlib1g 1.2.1.1-3 with pwzip-file
Date: Wed, 2 Jun 2004 20:46:18 +0100
On Wed, Jun 02, 2004 at 01:06:36PM +0200, Johan Thelmén wrote:

> #7  0x0804ca05 in scanfile (filename=0x8054c08 "3556419.4495.BKSO1kjuV", root=0x805b198, user=0x401f3f58, opt=0x8053008,

Could you please supply one of these files that's causing trouble?

Thanks.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."



Tags added: upstream Request was from broonie@sirena.org.uk (Mark Brown) to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: confirmed Request was from broonie@sirena.org.uk (Mark Brown) to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#252253; Package zlib1g. Full text and rfc822 format available.

Acknowledgement sent to Mark Brown <broonie@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #19 received at 252253@bugs.debian.org (full text, mbox):

From: Mark Brown <broonie@debian.org>
To: 252253@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Got a fix for this
Date: Fri, 11 Jun 2004 22:34:44 +0100
tag 252253 + patch pending
thanks

I've got a fix which appears to deal with the problem.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."



Tags added: patch, pending Request was from Mark Brown <broonie@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: fixed-upstream Request was from broonie@sirena.org.uk (Mark Brown) to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Mark Brown <broonie@debian.org>:
Bug#252253; Package zlib1g. Full text and rfc822 format available.

Acknowledgement sent to linux@internetists.de:
Extra info received and forwarded to list. Copy sent to Mark Brown <broonie@debian.org>. Full text and rfc822 format available.

Message #28 received at 252253@bugs.debian.org (full text, mbox):

From: Chris Lehnberger <linux@internetists.de>
To: 252253@bugs.debian.org
Subject: Denial of Service attack possible?
Date: Wed, 25 Aug 2004 22:47:57 +0200
Good Morning,

according to the following link http://lwn.net/Articles/99288/ the severity 
should be changed or is this bug fixed in zlib1:1.2.1.1-5?

Regards

Chris




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#252253; Package zlib1g. Full text and rfc822 format available.

Acknowledgement sent to Mark Brown <broonie@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #33 received at 252253@bugs.debian.org (full text, mbox):

From: Mark Brown <broonie@debian.org>
To: linux@internetists.de, 252253@bugs.debian.org
Subject: Re: Bug#252253: Denial of Service attack possible?
Date: Thu, 26 Aug 2004 10:28:02 +0100
On Wed, Aug 25, 2004 at 10:47:57PM +0200, Chris Lehnberger wrote:

> according to the following link http://lwn.net/Articles/99288/ the severity 
> should be changed or is this bug fixed in zlib1:1.2.1.1-5?

Probably, though the release and security teams are already aware.  It
will be fixed in -6. 

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."



Reply sent to Mark Brown <broonie@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Johan Thelmén <johan.thelmen@cygate.se>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #38 received at 252253-close@bugs.debian.org (full text, mbox):

From: Mark Brown <broonie@debian.org>
To: 252253-close@bugs.debian.org
Subject: Bug#252253: fixed in zlib 1:1.2.1.1-6
Date: Fri, 27 Aug 2004 16:17:10 -0400
Source: zlib
Source-Version: 1:1.2.1.1-6

We believe that the bug you reported is fixed in the latest version of
zlib, which is due to be installed in the Debian FTP archive:

zlib-bin_1.2.1.1-6_i386.deb
  to pool/main/z/zlib/zlib-bin_1.2.1.1-6_i386.deb
zlib1g-dev_1.2.1.1-6_i386.deb
  to pool/main/z/zlib/zlib1g-dev_1.2.1.1-6_i386.deb
zlib1g-udeb_1.2.1.1-6_i386.udeb
  to pool/main/z/zlib/zlib1g-udeb_1.2.1.1-6_i386.udeb
zlib1g_1.2.1.1-6_i386.deb
  to pool/main/z/zlib/zlib1g_1.2.1.1-6_i386.deb
zlib_1.2.1.1-6.diff.gz
  to pool/main/z/zlib/zlib_1.2.1.1-6.diff.gz
zlib_1.2.1.1-6.dsc
  to pool/main/z/zlib/zlib_1.2.1.1-6.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 252253@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Brown <broonie@debian.org> (supplier of updated zlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 21 Aug 2004 23:30:57 +0100
Source: zlib
Binary: zlib1g-dev zlib1g lib64z1-dev lib64z1 zlib1g-udeb zlib-bin
Architecture: source i386
Version: 1:1.2.1.1-6
Distribution: testing
Urgency: high
Maintainer: Mark Brown <broonie@debian.org>
Changed-By: Mark Brown <broonie@debian.org>
Description: 
 zlib-bin   - compression library - sample programs
 zlib1g     - compression library - runtime
 zlib1g-dev - compression library - development
 zlib1g-udeb - compression library - runtime for Debian installer (udeb)
Closes: 252253
Changes: 
 zlib (1:1.2.1.1-6) testing; urgency=high
 .
   * Fix the error handling in the new inflate implementation to avoid
     incorrectly continuing to process in the error state.  Thanks to Johan
     Thelmén <johan.thelmen@cygate.se> for his help in finding and fixing this
     bug.  This is CAN-2004-0797 (closes: #252253).
Files: 
 08adcb71b4ed23d9b38fd5912f86c73c 679 libs optional zlib_1.2.1.1-6.dsc
 4e8989cfce378495761a467b275ec09c 17454 libs optional zlib_1.2.1.1-6.diff.gz
 e1e08653f9d0d79c9a50a8c6742bb557 38320 debian-installer optional zlib1g-udeb_1.2.1.1-6_i386.udeb
 a6d230f3f3969ae7d1895435b4662282 62070 libs required zlib1g_1.2.1.1-6_i386.deb
 70872f7645e1a0b5efd308ce3534cec4 409254 libdevel optional zlib1g-dev_1.2.1.1-6_i386.deb
 104c1001587d0edaab3b39765ce8f729 25232 utils optional zlib-bin_1.2.1.1-6_i386.deb
package-type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBLjsoJ2Vo11xhU60RAjo6AKDj2h5S3sCopTfht9zTAg+7dYTGvQCgiexj
2X8ccdghMn1fyyWoQCNntbk=
=65/v
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:50:37 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.