Package "zlib"
Name: |
zlib
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- compression library - 64 bit runtime
- compression library - 64 bit development
- compression library - x32 runtime
- compression library - x32 development
|
Latest version: |
1:1.2.8.dfsg-2ubuntu4.3 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
main |
Links
Other versions of "zlib" in Xenial
Packages in group
Deleted packages are displayed in grey.
Changelog
zlib (1:1.2.8.dfsg-2ubuntu4.3) xenial-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in inftrees.c
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c
- CVE-2016-9841
* SECURITY UPDATE: vectors involving left shifts of negative integers might
allow context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
inflateMark()
- debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
value to long
- CVE-2016-9842
* SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
big-endian CRC calculation
- CVE-2016-9843
-- Avital Ostromich <email address hidden> Wed, 08 Jan 2020 11:06:35 -0500
|
CVE-2016-9840 |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
CVE-2016-9841 |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
CVE-2016-9842 |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shi |
CVE-2016-9843 |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian C |
|
About
-
Send Feedback to @ubuntu_updates