Bug 1003580 - (CVE-2016-9842) VUL-1: CVE-2016-9842: zlib: Undefined Left Shift of Negative Number
(CVE-2016-9842)
VUL-1: CVE-2016-9842: zlib: Undefined Left Shift of Negative Number
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2016-9842:4.6:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-07 10:29 UTC by Johannes Segitz
Modified: 2020-06-16 01:43 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-10-07 10:29:57 UTC
Security audit of zlib: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf

Upstream comments: https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7

Fixes: https://github.com/madler/zlib - you need to switch to 'develop'

Quoting from the report:
While testing the possible fix of the strict aliasing issue ( ​ Finding 2 ​ ), we identified an invalid left shift of a negative number.
Source Reference (inflate.c):
1507 if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
Left shifts of negative value are undefined, but in practice this will probably
continue to have the desired behavior.
Recommendation:
Change -1L << 16 to (~0xFFFFL).
Potential sample code:
1507 if (strm == Z_NULL || strm->state == Z_NULL) return (~0xFFFFL);

Fix: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
Comment 1 Swamp Workflow Management 2016-10-07 22:00:38 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-12-04 13:00:37 UTC
This is an autogenerated message for OBS integration:
This bug (1003580) was mentioned in
https://build.opensuse.org/request/show/443701 Factory / zlib
https://build.opensuse.org/request/show/443702 13.2 / zlib
Comment 3 Tomáš Chvátal 2016-12-04 13:52:33 UTC
all sumbissions done
Comment 4 Tomáš Chvátal 2016-12-04 13:54:43 UTC
all sumbissions done
Comment 6 Marcus Meissner 2016-12-06 10:26:10 UTC
    Finding 5: Big-endian out-of-bounds pointer (Low)
    Fix: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811


Use CVE-2016-9843.
Comment 7 Salvatore Bonaccorso 2016-12-06 20:58:01 UTC
Hi Marcus

I think comment #6 should belong to another but, the one for CVE-2016-9843, i.e. https://bugzilla.novell.com/show_bug.cgi?id=1013882 ?

The commit for CVE-2016-9842 is according to https://marc.info/?l=oss-security&m=148097605021134&w=2 https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958

Regards,
Salvatore
Comment 8 Marcus Meissner 2016-12-12 12:04:02 UTC
yeah, i mixed stuff up.
Comment 9 Marcus Meissner 2016-12-12 12:06:32 UTC
and e54e1299404101a5a9d0cf5e45512b543967f958 is for the left shift
Comment 10 Tomáš Chvátal 2016-12-12 12:34:25 UTC
Patch updated.
Comment 11 Bernhard Wiedemann 2016-12-12 13:04:07 UTC
This is an autogenerated message for OBS integration:
This bug (1003580) was mentioned in
https://build.opensuse.org/request/show/445412 Factory / zlib
https://build.opensuse.org/request/show/445413 13.2 / zlib
Comment 13 Swamp Workflow Management 2016-12-20 20:09:26 UTC
openSUSE-SU-2016:3202-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
openSUSE 13.2 (src):    zlib-1.2.8-5.8.1
Comment 14 Swamp Workflow Management 2016-12-21 19:07:51 UTC
SUSE-SU-2016:3209-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    zlib-1.2.7-0.14.1
SUSE Linux Enterprise Server 11-SP4 (src):    zlib-1.2.7-0.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    zlib-1.2.7-0.14.1
Comment 15 Swamp Workflow Management 2017-01-02 11:09:40 UTC
SUSE-SU-2017:0003-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    zlib-1.2.8-11.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    zlib-1.2.8-11.1
SUSE Linux Enterprise Server 12-SP2 (src):    zlib-1.2.8-11.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    zlib-1.2.8-11.1
Comment 16 Swamp Workflow Management 2017-01-02 11:10:32 UTC
SUSE-SU-2017:0004-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    zlib-1.2.8-6.3.1
SUSE Linux Enterprise Server 12-SP1 (src):    zlib-1.2.8-6.3.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    zlib-1.2.8-6.3.1
Comment 17 Swamp Workflow Management 2017-01-08 00:20:20 UTC
openSUSE-SU-2017:0077-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
openSUSE Leap 42.1 (src):    zlib-1.2.8-8.1
Comment 18 Swamp Workflow Management 2017-01-08 00:21:33 UTC
openSUSE-SU-2017:0080-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
openSUSE Leap 42.2 (src):    zlib-1.2.8-10.1
Comment 19 Marcus Meissner 2017-10-25 20:01:10 UTC
released
Comment 20 Swamp Workflow Management 2018-06-26 13:09:13 UTC
SUSE-SU-2018:1815-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1003577,1003579,1003580,1013882,1095016,912771,920442
CVE References: CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843
Sources used:
SUSE Studio Onsite 1.3 (src):    zlib-1.2.7-0.135.3.1
Comment 21 Swamp Workflow Management 2019-11-12 16:40:17 UTC
This is an autogenerated message for OBS integration:
This bug (1003580) was mentioned in
https://build.opensuse.org/request/show/747777 Backports:SLE-12 / zlib