Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:0080-1

Опубликовано: 07 янв. 2017
Источник: suse-cvrf

Описание

Security update for zlib

This update for zlib fixes the following issues:

  • CVE-2016-9843: Big-endian out-of-bounds pointer
  • CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580)
  • CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579)
  • Incompatible declarations for external linkage function deflate (bsc#1003577)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
libminizip1-1.2.8-10.1
libz1-1.2.8-10.1
libz1-32bit-1.2.8-10.1
minizip-devel-1.2.8-10.1
zlib-1.2.8-10.1
zlib-devel-1.2.8-10.1
zlib-devel-32bit-1.2.8-10.1
zlib-devel-static-1.2.8-10.1
zlib-devel-static-32bit-1.2.8-10.1

Ссылки

Описание

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Затронутые продукты
openSUSE Leap 42.2:libminizip1-1.2.8-10.1
openSUSE Leap 42.2:libz1-1.2.8-10.1
openSUSE Leap 42.2:libz1-32bit-1.2.8-10.1
openSUSE Leap 42.2:minizip-devel-1.2.8-10.1
Ссылки

Описание

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Затронутые продукты
openSUSE Leap 42.2:libminizip1-1.2.8-10.1
openSUSE Leap 42.2:libz1-1.2.8-10.1
openSUSE Leap 42.2:libz1-32bit-1.2.8-10.1
openSUSE Leap 42.2:minizip-devel-1.2.8-10.1
Ссылки

Описание

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Затронутые продукты
openSUSE Leap 42.2:libminizip1-1.2.8-10.1
openSUSE Leap 42.2:libz1-1.2.8-10.1
openSUSE Leap 42.2:libz1-32bit-1.2.8-10.1
openSUSE Leap 42.2:minizip-devel-1.2.8-10.1
Ссылки

Описание

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Затронутые продукты
openSUSE Leap 42.2:libminizip1-1.2.8-10.1
openSUSE Leap 42.2:libz1-1.2.8-10.1
openSUSE Leap 42.2:libz1-32bit-1.2.8-10.1
openSUSE Leap 42.2:minizip-devel-1.2.8-10.1
Ссылки
Уязвимость openSUSE-SU-2017:0080-1