Описание
Security update for zlib
This update for zlib fixes the following issues:
- CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)
- CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580)
- CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579)
- Incompatible declarations for external linkage function deflate (bsc#1003577)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
libz1-1.2.8-8.1
libz1-32bit-1.2.8-8.1
zlib-1.2.8-8.1
zlib-devel-1.2.8-8.1
zlib-devel-32bit-1.2.8-8.1
zlib-devel-static-1.2.8-8.1
zlib-devel-static-32bit-1.2.8-8.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0077-1
- SUSE Security Ratings
Описание
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Затронутые продукты
openSUSE Leap 42.1:libz1-1.2.8-8.1
openSUSE Leap 42.1:libz1-32bit-1.2.8-8.1
openSUSE Leap 42.1:zlib-1.2.8-8.1
openSUSE Leap 42.1:zlib-devel-1.2.8-8.1
Ссылки
- CVE-2016-9840
- SUSE Bug 1003579
- SUSE Bug 1023215
- SUSE Bug 1038505
- SUSE Bug 1120866
- SUSE Bug 1123150
Описание
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Затронутые продукты
openSUSE Leap 42.1:libz1-1.2.8-8.1
openSUSE Leap 42.1:libz1-32bit-1.2.8-8.1
openSUSE Leap 42.1:zlib-1.2.8-8.1
openSUSE Leap 42.1:zlib-devel-1.2.8-8.1
Ссылки
- CVE-2016-9841
- SUSE Bug 1003579
- SUSE Bug 1038505
- SUSE Bug 1064070
- SUSE Bug 1070162
- SUSE Bug 1120866
- SUSE Bug 1123150
Описание
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Затронутые продукты
openSUSE Leap 42.1:libz1-1.2.8-8.1
openSUSE Leap 42.1:libz1-32bit-1.2.8-8.1
openSUSE Leap 42.1:zlib-1.2.8-8.1
openSUSE Leap 42.1:zlib-devel-1.2.8-8.1
Ссылки
- CVE-2016-9842
- SUSE Bug 1003580
- SUSE Bug 1023215
- SUSE Bug 1038505
- SUSE Bug 1120866
- SUSE Bug 1123150
Описание
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Затронутые продукты
openSUSE Leap 42.1:libz1-1.2.8-8.1
openSUSE Leap 42.1:libz1-32bit-1.2.8-8.1
openSUSE Leap 42.1:zlib-1.2.8-8.1
openSUSE Leap 42.1:zlib-devel-1.2.8-8.1
Ссылки
- CVE-2016-9843
- SUSE Bug 1003580
- SUSE Bug 1013882
- SUSE Bug 1038505
- SUSE Bug 1116686
- SUSE Bug 1120866
- SUSE Bug 1123150