diff --git a/SPECS/bzip2/CVE-2026-42250.patch b/SPECS/bzip2/CVE-2026-42250.patch
new file mode 100644
index 00000000000..41c5d9deb0b
--- /dev/null
+++ b/SPECS/bzip2/CVE-2026-42250.patch
@@ -0,0 +1,37 @@
+From a8d093c3002387e044fb9eb4421abe0b9954864e Mon Sep 17 00:00:00 2001
+From: Mark Wielaard
+Date: Thu, 28 May 2026 16:15:45 +0200
+Subject: [PATCH] bzip2recover: Make sure to not process more than
+ BZ_MAX_HANDLED_BLOCKS
+
+There is an off-by-one in the check before calling tooManyBlocks. This
+causes the scanning loop to run one more time and cause a possible
+read or write one past the global bStart, bEnd, rbStart and rbEnd
+buffers. There are no known exploits of this issue and you will need
+to compile with something like gcc -fsanitize=address (ASAN
+AddressSanitizer) to observe the faulty read/write.
+
+This has been assigned CVE-2026-42250.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://sourceware.org/cgit/bzip2/patch/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
+---
+ bzip2recover.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bzip2recover.c b/bzip2recover.c
+index a8131e0..4b1c219 100644
+--- a/bzip2recover.c
++++ b/bzip2recover.c
+@@ -402,7 +402,7 @@ Int32 main ( Int32 argc, Char** argv )
+ rbEnd[rbCtr] = bEnd[currBlock];
+ rbCtr++;
+ }
+- if (currBlock >= BZ_MAX_HANDLED_BLOCKS)
++ if (currBlock >= BZ_MAX_HANDLED_BLOCKS - 1)
+ tooManyBlocks(BZ_MAX_HANDLED_BLOCKS);
+ currBlock++;
+
+--
+2.45.4
+
diff --git a/SPECS/bzip2/bzip2.spec b/SPECS/bzip2/bzip2.spec
index 8d4c6a33ec1..e17c2e4a5b6 100644
--- a/SPECS/bzip2/bzip2.spec
+++ b/SPECS/bzip2/bzip2.spec
@@ -1,7 +1,7 @@
 Summary: Contains programs for compressing and decompressing files
 Name: bzip2
 Version: 1.0.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 URL: https://sourceware.org/bzip2/index.html
 Group: System Environment/Base
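Review bot: The bare `- 1` in the new guard `if (currBlock >= BZ_MAX_HANDLED_BLOCKS - 1)` in the embedded bzip2recover.c hunk carries no comment saying why the limit sits one below the array size, which invites a later "cleanup" back to the off-by-one. The check is followed by `currBlock++`, and going by the commit message the incremented value is presumably then used to index the fixed-size bStart/bEnd arrays; that use, like the rest of main(), is outside the hunk. Since this file is a verbatim upstream backport, the comment is better proposed upstream than edited into the patch: `/* currBlock is incremented below and then used as an index, so it must stay < BZ_MAX_HANDLED_BLOCKS */`.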
@@ -11,6 +11,7 @@ Source0: https://sourceware.org/pub/%{name}/%{name}-%{version}.tar.gz Provides: libbz2.so.1()(64bit) Patch0: https://www.linuxfromscratch.org/patches/lfs/11.0/bzip2-1.0.8-install_docs-1.patch Patch1: cflags-fix.patch +Patch2: CVE-2026-42250.patch Requires: bzip2-libs = %{version}-%{release} Conflicts: toybox
@@ -94,6 +95,9 @@ make %{?_smp_mflags} check %{_libdir}/libbz2.so.* %changelog +* Fri May 29 2026 Azure Linux Security Servicing Account - 1.0.8-2 +- Patch for CVE-2026-42250 + * Thu Oct 14 2021 Jon Slobodzian - 1.0.8-1 - Upgrade to 1.0.8 to fix CVE-2016-3189
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index be154837446..57eaaaa1099 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -49,9 +49,9 @@ coreutils-lang-9.4-6.azl3.aarch64.rpm
 bash-5.2.15-3.azl3.aarch64.rpm
 bash-devel-5.2.15-3.azl3.aarch64.rpm
 bash-lang-5.2.15-3.azl3.aarch64.rpm
-bzip2-1.0.8-1.azl3.aarch64.rpm
-bzip2-devel-1.0.8-1.azl3.aarch64.rpm
-bzip2-libs-1.0.8-1.azl3.aarch64.rpm
+bzip2-1.0.8-2.azl3.aarch64.rpm
+bzip2-devel-1.0.8-2.azl3.aarch64.rpm
+bzip2-libs-1.0.8-2.azl3.aarch64.rpm
 sed-4.9-2.azl3.aarch64.rpm
 sed-lang-4.9-2.azl3.aarch64.rpm
 procps-ng-4.0.4-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index ea28ddbf634..e4ee2a4698c 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
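Review bot: The added `Patch2: CVE-2026-42250.patch` line in bzip2.spec only declares the patch; none of the visible hunks show it being applied, because the `%prep` section is not part of this diff. If `%prep` uses `%autosetup -p1` the new patch is picked up automatically, but if it applies patches one by one (`%patch0 -p1`, `%patch1 -p1`), a matching `%patch2 -p1` is needed, otherwise the package ships as release 2 while still carrying the off-by-one. It is worth confirming in the build log that the patch was actually applied to bzip2recover.c.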
@@ -49,9 +49,9 @@ coreutils-lang-9.4-6.azl3.x86_64.rpm
 bash-5.2.15-3.azl3.x86_64.rpm
 bash-devel-5.2.15-3.azl3.x86_64.rpm
 bash-lang-5.2.15-3.azl3.x86_64.rpm
-bzip2-1.0.8-1.azl3.x86_64.rpm
-bzip2-devel-1.0.8-1.azl3.x86_64.rpm
-bzip2-libs-1.0.8-1.azl3.x86_64.rpm
+bzip2-1.0.8-2.azl3.x86_64.rpm
+bzip2-devel-1.0.8-2.azl3.x86_64.rpm
+bzip2-libs-1.0.8-2.azl3.x86_64.rpm
 sed-4.9-2.azl3.x86_64.rpm
 sed-lang-4.9-2.azl3.x86_64.rpm
 procps-ng-4.0.4-1.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 0b6c7843bea..fdd95223db5 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -35,10 +35,10 @@ binutils-debuginfo-2.41-13.azl3.aarch64.rpm
 binutils-devel-2.41-13.azl3.aarch64.rpm
 bison-3.8.2-1.azl3.aarch64.rpm
 bison-debuginfo-3.8.2-1.azl3.aarch64.rpm
-bzip2-1.0.8-1.azl3.aarch64.rpm
-bzip2-debuginfo-1.0.8-1.azl3.aarch64.rpm
-bzip2-devel-1.0.8-1.azl3.aarch64.rpm
-bzip2-libs-1.0.8-1.azl3.aarch64.rpm
+bzip2-1.0.8-2.azl3.aarch64.rpm
+bzip2-debuginfo-1.0.8-2.azl3.aarch64.rpm
+bzip2-devel-1.0.8-2.azl3.aarch64.rpm
+bzip2-libs-1.0.8-2.azl3.aarch64.rpm
 ca-certificates-3.0.0-14.azl3.noarch.rpm
 ca-certificates-base-3.0.0-14.azl3.noarch.rpm
 ca-certificates-legacy-3.0.0-14.azl3.noarch.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 46fd57f67aa..dca4744c34d 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -38,10 +38,10 @@ binutils-debuginfo-2.41-13.azl3.x86_64.rpm
 binutils-devel-2.41-13.azl3.x86_64.rpm
 bison-3.8.2-1.azl3.x86_64.rpm
 bison-debuginfo-3.8.2-1.azl3.x86_64.rpm
-bzip2-1.0.8-1.azl3.x86_64.rpm
-bzip2-debuginfo-1.0.8-1.azl3.x86_64.rpm
-bzip2-devel-1.0.8-1.azl3.x86_64.rpm
-bzip2-libs-1.0.8-1.azl3.x86_64.rpm
+bzip2-1.0.8-2.azl3.x86_64.rpm
+bzip2-debuginfo-1.0.8-2.azl3.x86_64.rpm
+bzip2-devel-1.0.8-2.azl3.x86_64.rpm
+bzip2-libs-1.0.8-2.azl3.x86_64.rpm
 ca-certificates-3.0.0-14.azl3.noarch.rpm
 ca-certificates-base-3.0.0-14.azl3.noarch.rpm
 ca-certificates-legacy-3.0.0-14.azl3.noarch.rpm