SUSE-SU-2017:0003-1

Опубликовано: 02 янв. 2017

Источник: suse-cvrf

Описание

Security update for zlib

This update for zlib fixes the following issues:

CVE-2016-9843: Big-endian out-of-bounds pointer

CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580)

CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579)

Incompatible declarations for external linkage function deflate (bsc#1003577)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

libz1-1.2.8-11.1

libz1-32bit-1.2.8-11.1

zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Server 12 SP2

libz1-1.2.8-11.1

libz1-32bit-1.2.8-11.1

zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

libz1-1.2.8-11.1

zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libz1-1.2.8-11.1

libz1-32bit-1.2.8-11.1

zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Software Development Kit 12 SP2

zlib-devel-1.2.8-11.1

zlib-devel-32bit-1.2.8-11.1

zlib-devel-static-1.2.8-11.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20170003-1/
Link for SUSE-SU-2017:0003-1
https://lists.suse.com/pipermail/sle-security-updates/2017-January/002540.html
E-Mail link for SUSE-SU-2017:0003-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1003577
SUSE Bug 1003577
https://bugzilla.suse.com/1003579
SUSE Bug 1003579
https://bugzilla.suse.com/1003580
SUSE Bug 1003580
https://bugzilla.suse.com/1013882
SUSE Bug 1013882
https://www.suse.com/security/cve/CVE-2016-9840/
SUSE CVE CVE-2016-9840 page
https://www.suse.com/security/cve/CVE-2016-9841/
SUSE CVE CVE-2016-9841 page
https://www.suse.com/security/cve/CVE-2016-9842/
SUSE CVE CVE-2016-9842 page
https://www.suse.com/security/cve/CVE-2016-9843/
SUSE CVE CVE-2016-9843 page

Описание

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libz1-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:libz1-32bit-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Server 12 SP2:libz1-1.2.8-11.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9840.html
CVE-2016-9840
https://bugzilla.suse.com/1003579
SUSE Bug 1003579
https://bugzilla.suse.com/1022633
SUSE Bug 1022633
https://bugzilla.suse.com/1023215
SUSE Bug 1023215
https://bugzilla.suse.com/1038505
SUSE Bug 1038505
https://bugzilla.suse.com/1062104
SUSE Bug 1062104
https://bugzilla.suse.com/1120866
SUSE Bug 1120866
https://bugzilla.suse.com/1123150
SUSE Bug 1123150
https://bugzilla.suse.com/1127473
SUSE Bug 1127473
https://bugzilla.suse.com/1184301
SUSE Bug 1184301

Описание

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libz1-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:libz1-32bit-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Server 12 SP2:libz1-1.2.8-11.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9841.html
CVE-2016-9841
https://bugzilla.suse.com/1003579
SUSE Bug 1003579
https://bugzilla.suse.com/1022633
SUSE Bug 1022633
https://bugzilla.suse.com/1038505
SUSE Bug 1038505
https://bugzilla.suse.com/1064070
SUSE Bug 1064070
https://bugzilla.suse.com/1070162
SUSE Bug 1070162
https://bugzilla.suse.com/1120866
SUSE Bug 1120866
https://bugzilla.suse.com/1123150
SUSE Bug 1123150
https://bugzilla.suse.com/1127473
SUSE Bug 1127473

Описание

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libz1-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:libz1-32bit-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Server 12 SP2:libz1-1.2.8-11.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9842.html
CVE-2016-9842
https://bugzilla.suse.com/1003580
SUSE Bug 1003580
https://bugzilla.suse.com/1022633
SUSE Bug 1022633
https://bugzilla.suse.com/1023215
SUSE Bug 1023215
https://bugzilla.suse.com/1038505
SUSE Bug 1038505
https://bugzilla.suse.com/1062104
SUSE Bug 1062104
https://bugzilla.suse.com/1120866
SUSE Bug 1120866
https://bugzilla.suse.com/1123150
SUSE Bug 1123150
https://bugzilla.suse.com/1127473
SUSE Bug 1127473
https://bugzilla.suse.com/1184301
SUSE Bug 1184301

Описание

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libz1-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:libz1-32bit-1.2.8-11.1

SUSE Linux Enterprise Desktop 12 SP2:zlib-devel-1.2.8-11.1

SUSE Linux Enterprise Server 12 SP2:libz1-1.2.8-11.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9843.html
CVE-2016-9843
https://bugzilla.suse.com/1003580
SUSE Bug 1003580
https://bugzilla.suse.com/1013882
SUSE Bug 1013882
https://bugzilla.suse.com/1038505
SUSE Bug 1038505
https://bugzilla.suse.com/1062104
SUSE Bug 1062104
https://bugzilla.suse.com/1116686
SUSE Bug 1116686
https://bugzilla.suse.com/1120866
SUSE Bug 1120866
https://bugzilla.suse.com/1123150
SUSE Bug 1123150
https://bugzilla.suse.com/1127473
SUSE Bug 1127473
https://bugzilla.suse.com/1184301
SUSE Bug 1184301

SUSE-SU-2017:0003-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

SUSE Linux Enterprise Server 12 SP2

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Software Development Kit 12 SP2

Ссылки

Уязвимость: CVE-2016-9840

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-9841

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-9842

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-9843

Описание

Затронутые продукты

Ссылки