Skip to content

[AutoPR- Security] Patch bzip2 for CVE-2026-42250 [LOW] #17551

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
azurelinux-security wants to merge 1 commit into
base: 3.0-dev
Choose a base branch
from
Open

[AutoPR- Security] Patch bzip2 for CVE-2026-42250 [LOW] #17551

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions SPECS/bzip2/CVE-2026-42250.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
From a8d093c3002387e044fb9eb4421abe0b9954864e Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Thu, 28 May 2026 16:15:45 +0200
Subject: [PATCH] bzip2recover: Make sure to not process more than
BZ_MAX_HANDLED_BLOCKS

There is an off-by-one in the check before calling tooManyBlocks. This
causes the scanning loop to run one more time and cause a possible
read or write one past the global bStart, bEnd, rbStart and rbEnd
buffers. There are no known exploits of this issue and you will need
to compile with something like gcc -fsanitize=address (ASAN
AddressSanitizer) to observe the faulty read/write.

This has been assigned CVE-2026-42250.

Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference: https://sourceware.org/cgit/bzip2/patch/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
---
bzip2recover.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bzip2recover.c b/bzip2recover.c
index a8131e0..4b1c219 100644
--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -402,7 +402,7 @@ Int32 main ( Int32 argc, Char** argv )
rbEnd[rbCtr] = bEnd[currBlock];
rbCtr++;
}
- if (currBlock >= BZ_MAX_HANDLED_BLOCKS)
+ if (currBlock >= BZ_MAX_HANDLED_BLOCKS - 1)
tooManyBlocks(BZ_MAX_HANDLED_BLOCKS);
currBlock++;

--
2.45.4

6 changes: 5 additions & 1 deletion SPECS/bzip2/bzip2.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Summary: Contains programs for compressing and decompressing files
Name: bzip2
Version: 1.0.8
Release: 1%{?dist}
Release: 2%{?dist}
License: BSD
URL: https://sourceware.org/bzip2/index.html
Group: System Environment/Base
Expand All @@ -11,6 +11,7 @@ Source0: https://sourceware.org/pub/%{name}/%{name}-%{version}.tar.gz
Provides: libbz2.so.1()(64bit)
Patch0: https://www.linuxfromscratch.org/patches/lfs/11.0/bzip2-1.0.8-install_docs-1.patch
Patch1: cflags-fix.patch
Patch2: CVE-2026-42250.patch
Requires: bzip2-libs = %{version}-%{release}
Conflicts: toybox

Expand Down Expand Up @@ -94,6 +95,9 @@ make %{?_smp_mflags} check
%{_libdir}/libbz2.so.*

%changelog
* Fri May 29 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.0.8-2
- Patch for CVE-2026-42250

* Thu Oct 14 2021 Jon Slobodzian <joslobo@microsoft.com> - 1.0.8-1
- Upgrade to 1.0.8 to fix CVE-2016-3189

Expand Down
6 changes: 3 additions & 3 deletions toolkit/resources/manifests/package/pkggen_core_aarch64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,9 @@ coreutils-lang-9.4-6.azl3.aarch64.rpm
bash-5.2.15-3.azl3.aarch64.rpm
bash-devel-5.2.15-3.azl3.aarch64.rpm
bash-lang-5.2.15-3.azl3.aarch64.rpm
bzip2-1.0.8-1.azl3.aarch64.rpm
bzip2-devel-1.0.8-1.azl3.aarch64.rpm
bzip2-libs-1.0.8-1.azl3.aarch64.rpm
bzip2-1.0.8-2.azl3.aarch64.rpm
bzip2-devel-1.0.8-2.azl3.aarch64.rpm
bzip2-libs-1.0.8-2.azl3.aarch64.rpm
sed-4.9-2.azl3.aarch64.rpm
sed-lang-4.9-2.azl3.aarch64.rpm
procps-ng-4.0.4-1.azl3.aarch64.rpm
Expand Down
6 changes: 3 additions & 3 deletions toolkit/resources/manifests/package/pkggen_core_x86_64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,9 @@ coreutils-lang-9.4-6.azl3.x86_64.rpm
bash-5.2.15-3.azl3.x86_64.rpm
bash-devel-5.2.15-3.azl3.x86_64.rpm
bash-lang-5.2.15-3.azl3.x86_64.rpm
bzip2-1.0.8-1.azl3.x86_64.rpm
bzip2-devel-1.0.8-1.azl3.x86_64.rpm
bzip2-libs-1.0.8-1.azl3.x86_64.rpm
bzip2-1.0.8-2.azl3.x86_64.rpm
bzip2-devel-1.0.8-2.azl3.x86_64.rpm
bzip2-libs-1.0.8-2.azl3.x86_64.rpm
sed-4.9-2.azl3.x86_64.rpm
sed-lang-4.9-2.azl3.x86_64.rpm
procps-ng-4.0.4-1.azl3.x86_64.rpm
Expand Down
8 changes: 4 additions & 4 deletions toolkit/resources/manifests/package/toolchain_aarch64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,10 +35,10 @@ binutils-debuginfo-2.41-13.azl3.aarch64.rpm
binutils-devel-2.41-13.azl3.aarch64.rpm
bison-3.8.2-1.azl3.aarch64.rpm
bison-debuginfo-3.8.2-1.azl3.aarch64.rpm
bzip2-1.0.8-1.azl3.aarch64.rpm
bzip2-debuginfo-1.0.8-1.azl3.aarch64.rpm
bzip2-devel-1.0.8-1.azl3.aarch64.rpm
bzip2-libs-1.0.8-1.azl3.aarch64.rpm
bzip2-1.0.8-2.azl3.aarch64.rpm
bzip2-debuginfo-1.0.8-2.azl3.aarch64.rpm
bzip2-devel-1.0.8-2.azl3.aarch64.rpm
bzip2-libs-1.0.8-2.azl3.aarch64.rpm
ca-certificates-3.0.0-14.azl3.noarch.rpm
ca-certificates-base-3.0.0-14.azl3.noarch.rpm
ca-certificates-legacy-3.0.0-14.azl3.noarch.rpm
Expand Down
8 changes: 4 additions & 4 deletions toolkit/resources/manifests/package/toolchain_x86_64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,10 @@ binutils-debuginfo-2.41-13.azl3.x86_64.rpm
binutils-devel-2.41-13.azl3.x86_64.rpm
bison-3.8.2-1.azl3.x86_64.rpm
bison-debuginfo-3.8.2-1.azl3.x86_64.rpm
bzip2-1.0.8-1.azl3.x86_64.rpm
bzip2-debuginfo-1.0.8-1.azl3.x86_64.rpm
bzip2-devel-1.0.8-1.azl3.x86_64.rpm
bzip2-libs-1.0.8-1.azl3.x86_64.rpm
bzip2-1.0.8-2.azl3.x86_64.rpm
bzip2-debuginfo-1.0.8-2.azl3.x86_64.rpm
bzip2-devel-1.0.8-2.azl3.x86_64.rpm
bzip2-libs-1.0.8-2.azl3.x86_64.rpm
ca-certificates-3.0.0-14.azl3.noarch.rpm
ca-certificates-base-3.0.0-14.azl3.noarch.rpm
ca-certificates-legacy-3.0.0-14.azl3.noarch.rpm
Expand Down
Loading