[3.4] zlib: Multiple vulnerabilities (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)
CVE-2016-9840: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9840
Patch:
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
CVE-2016-9841: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9841
Patch:
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
CVE-2016-9842: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9842
Patch:
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9843
Patch:
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
(from redmine: issue id 7358, created on 2017-06-01, closed on 2017-06-01)
- Relations:
  - parent #7356 (closed)
- Changesets:
  - Revision 6d398ff0 by Natanael Copa on 2017-06-01T11:30:04Z:

    main/zlib: security upgrade to 1.2.11

    CVE-2016-9840
    CVE-2016-9841
    CVE-2016-9842
    CVE-2016-9843

    fixes #7358