
Security: Multiple issues in zlib
Name: Multiple issues in zlib
ID: USN-4246-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Wed, January 22, 2020, 23:23
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843
https://usn.ubuntu.com/4246-1
https://launchpad.net/ubuntu/+source/zlib/1:1.2.8.dfsg-2ubuntu4.3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840
Applications: zlib

Original message

==========================================================================
Ubuntu Security Notice USN-4246-1
January 22, 2020

zlib vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in zlib

Software Description:
- zlib: Lossless data-compression library

Details:

It was discovered that zlib incorrectly handled pointer arithmetic. An
attacker could use this issue to cause zlib to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2016-9840,
CVE-2016-9841)

It was discovered that zlib incorrectly handled vectors involving left
shifts of negative integers. An attacker could use this issue to cause zlib
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9842)

It was discovered that zlib incorrectly handled vectors involving
big-endian CRC calculation. An attacker could use this issue to cause zlib
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9843)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
lib32z1 1:1.2.8.dfsg-2ubuntu4.3
lib64z1 1:1.2.8.dfsg-2ubuntu4.3
libn32z1 1:1.2.8.dfsg-2ubuntu4.3
libx32z1 1:1.2.8.dfsg-2ubuntu4.3
zlib1g 1:1.2.8.dfsg-2ubuntu4.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4246-1
CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Package Information:
https://launchpad.net/ubuntu/+source/zlib/1:1.2.8.dfsg-2ubuntu4.3



