You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke zlib

Sigurnosni nedostaci programske biblioteke zlib

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4246-1
January 22, 2020

zlib vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in zlib

Software Description:
– zlib: Lossless data-compression library

Details:

It was discovered that zlib incorrectly handled pointer arithmetic. An
attacker
could use this issue to cause zlib to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

It was discovered that zlib incorrectly handled vectors involving left
shifts of
negative integers. An attacker could use this issue to cause zlib to
crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-9842)

It was discovered that zlib incorrectly handled vectors involving
big-endian CRC
calculation. An attacker could use this issue to cause zlib to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-9843)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
lib32z1 1:1.2.8.dfsg-2ubuntu4.3
lib64z1 1:1.2.8.dfsg-2ubuntu4.3
libn32z1 1:1.2.8.dfsg-2ubuntu4.3
libx32z1 1:1.2.8.dfsg-2ubuntu4.3
zlib1g 1:1.2.8.dfsg-2ubuntu4.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4246-1
CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Package Information:
https://launchpad.net/ubuntu/+source/zlib/1:1.2.8.dfsg-2ubuntu4.3

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCAAdFiEElnO/d49FoUPK9fwytGdj0GOh2+wFAl4otpgACgkQtGdj0GOh
2+x46QgAkxwlCswshL4FEjswUvbMpPO4Ox9QAKrpNzWwEYdHKCJpnb+f6ksjJ+aT
sD65jZI0y0cKB25lgvTl+gd1vLT0Gb/+TszCI8ISwJzQAleN5D5RFQCuHwMSsMhZ
cJK1oXlFwXCwNtGaNFEA56kgTk4v66vBmqJcsjkflB6zJUaleLlTyVIfCEbiFoTk
kcmurwmhj5rjQedyR0pPi4JIR4CPnDSlizAM05xS5L46auU3CUjgDMvwIsGCbE5d
Agt6SHfbFhEiEW/3sXy0FVFnGapgxr83aFi2BuH3xZYy1Y1epvr+9UJEKdJFiWAL
J21ucoJbu6RfkIq8L19DwKDu1XFcJg==
=6qZm
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2020-01-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libredwg

Otkriveni su sigurnosni nedostaci programske biblioteke libredwg za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close