diff --git a/SPECS/zlib/CVE-2026-27171.patch b/SPECS/zlib/CVE-2026-27171.patch
new file mode 100644
index 00000000000..9a765b62ed6
--- /dev/null
+++ b/SPECS/zlib/CVE-2026-27171.patch
@@ -0,0 +1,60 @@
+From 1cdb448d5b62c26c9a7cf81c26f33f0152bf7ed6 Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Mon, 2 Mar 2026 18:11:41 +0000
+Subject: [PATCH] Check for negative lengths in crc32_combine
+ functions.\n\nThough zlib.h says that len2 must be non-negative, this avoids
+ the possibility of an accidental infinite loop.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: AI Backport of https://github.com/madler/zlib/commit/ba829a458576d1ff0f26fc7230c6de816d1f6a77.patch
+---
+ crc32.c | 4 ++++
+ zlib.h | 4 ++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/crc32.c b/crc32.c
+index f8357b0..d00567c 100644
+--- a/crc32.c
++++ b/crc32.c
+@@ -1083,6 +1083,8 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
+ uLong crc2;
+ z_off64_t len2;
+ {
++ if (len2 < 0)
++ return 0;
+ #ifdef DYNAMIC_CRC_TABLE
+ once(&made, make_crc_table);
+ #endif /* DYNAMIC_CRC_TABLE */
+@@ -1102,6 +1104,8 @@ uLong ZEXPORT crc32_combine(crc1, crc2, len2)
+ uLong ZEXPORT crc32_combine_gen64(len2)
+ z_off64_t len2;
+ {
++ if (len2 < 0)
++ return 0;
+ #ifdef DYNAMIC_CRC_TABLE
+ once(&made, make_crc_table);
+ #endif /* DYNAMIC_CRC_TABLE */
+diff --git a/zlib.h b/zlib.h
+index 953cb50..3746873 100644
+--- a/zlib.h
++++ b/zlib.h
+@@ -1755,14 +1755,14 @@ ZEXTERN uLong ZEXPORT crc32_combine OF((uLong crc1, uLong crc2, z_off_t len2));
+ seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
+ calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32
+ check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
+- len2.
++ len2. len2 must be non-negative, otherwise zero is returned.
+ */
+
+ /*
+ ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t len2));
+
+ Return the operator corresponding to length len2, to be used with
+- crc32_combine_op().
++ crc32_combine_op(). len2 must be non-negative, otherwise zero is returned.
+ */
+
+ ZEXTERN uLong ZEXPORT crc32_combine_op OF((uLong crc1, uLong crc2, uLong op));
+--
+2.45.4
+
diff --git a/SPECS/zlib/zlib.spec b/SPECS/zlib/zlib.spec
index aeac5acc4bf..91daf1e7812 100644
--- a/SPECS/zlib/zlib.spec
+++ b/SPECS/zlib/zlib.spec
@@ -1,7 +1,7 @@
 Summary: Compression and decompression routines
 Name: zlib
 Version: 1.2.13
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: https://www.zlib.net/
 License: zlib
 Group: Applications/System
@@ -9,6 +9,7 @@ Vendor: Microsoft Corporation
 Distribution: Mariner
 Source0: https://github.com/madler/zlib/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Patch0: CVE-2023-45853.patch
+Patch1: CVE-2026-27171.patch
 %description
 Compression and decompression routines
 %package devel
@@ -50,6 +51,9 @@ make %{?_smp_mflags} check
 %{_mandir}/man3/zlib.3.gz

 %changelog
+* Mon Mar 02 2026 Azure Linux Security Servicing Account - 1.2.13-3
+- Patch for CVE-2026-27171
+
 * Thu Oct 19 2023 Nan Liu - 1.2.13-2
 - Add patch to address CVE-2023-45853
 - Fix invalid source URL
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index f552ae36f1f..e41e08c640e 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -7,8 +7,8 @@ glibc-iconv-2.35-10.cm2.aarch64.rpm
 glibc-lang-2.35-10.cm2.aarch64.rpm
 glibc-nscd-2.35-10.cm2.aarch64.rpm
 glibc-tools-2.35-10.cm2.aarch64.rpm
-zlib-1.2.13-2.cm2.aarch64.rpm
-zlib-devel-1.2.13-2.cm2.aarch64.rpm
+zlib-1.2.13-3.cm2.aarch64.rpm
+zlib-devel-1.2.13-3.cm2.aarch64.rpm
 file-5.40-3.cm2.aarch64.rpm
 file-devel-5.40-3.cm2.aarch64.rpm
 file-libs-5.40-3.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index d2ec952ecd3..7e8c7375d34 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
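Review bot: The `Subject:` header of the embedded patch carries a literal `\n\n` escape inside its continuation line (`functions.\n\nThough zlib.h says ...`), so the commit subject and body are fused into one header instead of being separated by a blank line, and `git am` would produce a one-line subject containing backslash-n text. Write it as `Subject: [PATCH] Check for negative lengths in crc32_combine functions.` followed by an empty line and the explanation as a body paragraph. Separately, the `len2 < 0` guard is added only to crc32_combine64() and crc32_combine_gen64(); the z_off_t entry points crc32_combine() and crc32_combine_gen() are not in the hunk (only crc32_combine's signature appears as hunk-header context at `@@ -1102`), so it is worth confirming they delegate to the 64-bit variants in this 1.2.13 tree, otherwise a negative length would still reach an unguarded path.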
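Review bot: `Patch1: CVE-2026-27171.patch` is declared, but the `%prep` section is not part of this diff, so it is not visible whether the patch is actually applied; if the spec uses explicit `%patch0 -p1` lines rather than `%autosetup -p1`, a matching `%patch1 -p1` is required or the build will silently ship the unpatched crc32.c. Please confirm in %prep, and consider making the changelog entry self-describing, e.g. `- Patch for CVE-2026-27171 (reject negative len2 in crc32_combine functions)`, so the entry is meaningful without opening the patch file.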
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -7,8 +7,8 @@ glibc-iconv-2.35-10.cm2.x86_64.rpm
 glibc-lang-2.35-10.cm2.x86_64.rpm
 glibc-nscd-2.35-10.cm2.x86_64.rpm
 glibc-tools-2.35-10.cm2.x86_64.rpm
-zlib-1.2.13-2.cm2.x86_64.rpm
-zlib-devel-1.2.13-2.cm2.x86_64.rpm
+zlib-1.2.13-3.cm2.x86_64.rpm
+zlib-devel-1.2.13-3.cm2.x86_64.rpm
 file-5.40-3.cm2.x86_64.rpm
 file-devel-5.40-3.cm2.x86_64.rpm
 file-libs-5.40-3.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 781bfceb865..bb165f3de41 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -586,9 +586,9 @@ xz-lang-5.2.5-1.cm2.aarch64.rpm
 xz-libs-5.2.5-1.cm2.aarch64.rpm
 zip-3.0-5.cm2.aarch64.rpm
 zip-debuginfo-3.0-5.cm2.aarch64.rpm
-zlib-1.2.13-2.cm2.aarch64.rpm
-zlib-debuginfo-1.2.13-2.cm2.aarch64.rpm
-zlib-devel-1.2.13-2.cm2.aarch64.rpm
+zlib-1.2.13-3.cm2.aarch64.rpm
+zlib-debuginfo-1.2.13-3.cm2.aarch64.rpm
+zlib-devel-1.2.13-3.cm2.aarch64.rpm
 zstd-1.5.4-1.cm2.aarch64.rpm
 zstd-debuginfo-1.5.4-1.cm2.aarch64.rpm
 zstd-devel-1.5.4-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 297539b70ac..1894cd1644b 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -592,9 +592,9 @@ xz-lang-5.2.5-1.cm2.x86_64.rpm
 xz-libs-5.2.5-1.cm2.x86_64.rpm
 zip-3.0-5.cm2.x86_64.rpm
 zip-debuginfo-3.0-5.cm2.x86_64.rpm
-zlib-1.2.13-2.cm2.x86_64.rpm
-zlib-debuginfo-1.2.13-2.cm2.x86_64.rpm
-zlib-devel-1.2.13-2.cm2.x86_64.rpm
+zlib-1.2.13-3.cm2.x86_64.rpm
+zlib-debuginfo-1.2.13-3.cm2.x86_64.rpm
+zlib-devel-1.2.13-3.cm2.x86_64.rpm
 zstd-1.5.4-1.cm2.x86_64.rpm
 zstd-debuginfo-1.5.4-1.cm2.x86_64.rpm
 zstd-devel-1.5.4-1.cm2.x86_64.rpm