First Last Prev Next    This bug is not in your last search results.
Bug 1003579 - (CVE-2016-9840) VUL-1: CVE-2016-9840 CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inftrees.c
(CVE-2016-9840)
VUL-1: CVE-2016-9840 CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2016-9840:4.6:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-07 10:27 UTC by Johannes Segitz
Modified: 2020-06-16 01:42 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-10-07 10:27:48 UTC 
Security audit of zlib: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf

Upstream comments: https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7

Fixes: https://github.com/madler/zlib - you need to switch to 'develop'

Quoting from the report:
Zlib computes out-of-bounds pointers in several places, even though these pointers are not dereferenced. Still, using pointer arithmetic in order to go out of the bounds of the pointed block is forbidden by the C standard, and compiler optimizations exist that assume code does not do this.

The places where this happens are listed in the report
Fix: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 
and https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
Comment 1 Swamp Workflow Management 2016-10-07 22:00:28 UTC 
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-12-04 13:00:32 UTC 
This is an autogenerated message for OBS integration:
This bug (1003579) was mentioned in
https://build.opensuse.org/request/show/443701 Factory / zlib
https://build.opensuse.org/request/show/443702 13.2 / zlib
Comment 3 Tomáš Chvátal 2016-12-04 13:53:11 UTC 
all sumbissions done
Comment 5 Marcus Meissner 2016-12-06 10:25:04 UTC 
    Finding 3: Out-of-bounds pointer arithmetic in inftrees.c (Low)


    https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0


Use CVE-2016-9840.


    https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb


Use CVE-2016-9841.
Comment 6 Bernhard Wiedemann 2016-12-12 13:04:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1003579) was mentioned in
https://build.opensuse.org/request/show/445412 Factory / zlib
https://build.opensuse.org/request/show/445413 13.2 / zlib
Comment 8 Swamp Workflow Management 2016-12-20 20:09:17 UTC 
openSUSE-SU-2016:3202-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
openSUSE 13.2 (src):    zlib-1.2.8-5.8.1
Comment 9 Swamp Workflow Management 2016-12-21 19:07:40 UTC 
SUSE-SU-2016:3209-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    zlib-1.2.7-0.14.1
SUSE Linux Enterprise Server 11-SP4 (src):    zlib-1.2.7-0.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    zlib-1.2.7-0.14.1
Comment 10 Swamp Workflow Management 2017-01-02 11:09:28 UTC 
SUSE-SU-2017:0003-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    zlib-1.2.8-11.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    zlib-1.2.8-11.1
SUSE Linux Enterprise Server 12-SP2 (src):    zlib-1.2.8-11.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    zlib-1.2.8-11.1
Comment 11 Swamp Workflow Management 2017-01-02 11:10:23 UTC 
SUSE-SU-2017:0004-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    zlib-1.2.8-6.3.1
SUSE Linux Enterprise Server 12-SP1 (src):    zlib-1.2.8-6.3.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    zlib-1.2.8-6.3.1
Comment 12 Swamp Workflow Management 2017-01-08 00:20:10 UTC 
openSUSE-SU-2017:0077-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
openSUSE Leap 42.1 (src):    zlib-1.2.8-8.1
Comment 13 Swamp Workflow Management 2017-01-08 00:21:25 UTC 
openSUSE-SU-2017:0080-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
openSUSE Leap 42.2 (src):    zlib-1.2.8-10.1
Comment 14 Marcus Meissner 2017-10-25 20:01:05 UTC 
released
Comment 15 Swamp Workflow Management 2018-06-26 13:09:03 UTC 
SUSE-SU-2018:1815-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882,1095016,912771,920442
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Studio Onsite 1.3 (src):    zlib-1.2.7-0.135.3.1
Comment 16 Swamp Workflow Management 2019-11-12 16:40:12 UTC 
This is an autogenerated message for OBS integration:
This bug (1003579) was mentioned in
https://build.opensuse.org/request/show/747777 Backports:SLE-12 / zlib
First Last Prev Next    This bug is not in your last search results.