USN-4246-1

Details

It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842)

It was discovered that zlib incorrectly handled vectors involving big-endian CRC calculation. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843)

Affected Packages

zlib

Ubuntu 16.04 LTS

Fixed in:

1:1.2.8.dfsg-2ubuntu4.3

References

REPORThttps://ubuntu.com/security/CVE-2016-9840 REPORThttps://ubuntu.com/security/CVE-2016-9841 REPORThttps://ubuntu.com/security/CVE-2016-9842 REPORThttps://ubuntu.com/security/CVE-2016-9843 ADVISORYhttps://ubuntu.com/security/notices/USN-4246-1

USN-4246-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline