Ubuntu Security Notice 4246-1 - It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
==========================================================================
Ubuntu Security Notice USN-4246-1
January 22, 2020
zlib vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in zlib.
Software Description:
- zlib: Lossless data-compression library
Details:
It was discovered that zlib incorrectly handled pointer arithmetic. An
attacker could use this issue to cause zlib to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

It was discovered that zlib incorrectly handled vectors involving left
shifts of negative integers. An attacker could use this issue to cause zlib
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9842)

It was discovered that zlib incorrectly handled vectors involving
big-endian CRC calculation. An attacker could use this issue to cause zlib
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9843)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
lib32z1 1:1.2.8.dfsg-2ubuntu4.3
lib64z1 1:1.2.8.dfsg-2ubuntu4.3
libn32z1 1:1.2.8.dfsg-2ubuntu4.3
libx32z1 1:1.2.8.dfsg-2ubuntu4.3
zlib1g 1:1.2.8.dfsg-2ubuntu4.3
In general, a standard system update will make all the necessary changes.
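To confirm the update actually landed on a host, the following added example (not part of the Ubuntu notice) flags any of the packages listed above that are still below the fixed version, using Debian version ordering rather than plain string comparison. The function names and the sample `dpkg-query` output are constructed for illustration.

```python
import re

# Fixed version and affected binary packages, copied from USN-4246-1.
FIXED = "1:1.2.8.dfsg-2ubuntu4.3"
PACKAGES = {"lib32z1", "lib64z1", "libn32z1", "libx32z1", "zlib1g"}
RUN = re.compile(r"([^0-9]*)([0-9]*)")  # one non-digit run, then one digit run

def _order(c):
    # dpkg weights: '~' lowest (below end of string), letters below other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, the way dpkg orders versions.
    while a or b:
        ma, mb = RUN.match(a), RUN.match(b)
        a, b = a[ma.end():], b[mb.end():]
        for i in range(max(len(ma[1]), len(mb[1]))):
            oa, ob = (_order(s[i]) if i < len(s) else 0 for s in (ma[1], mb[1]))
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(ma[2] or 0), int(mb[2] or 0)  # numeric, so 4.10 > 4.3
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_output):
    """Map affected package -> installed version where version < FIXED."""
    rows = [line.split() for line in dpkg_output.splitlines()]
    return {r[0]: r[1] for r in rows
            if len(r) == 2 and r[0] in PACKAGES and compare(r[1], FIXED) < 0}

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """zlib1g 1:1.2.8.dfsg-2ubuntu4.1
lib32z1 1:1.2.8.dfsg-2ubuntu4.3
libx32z1 1:1.2.8.dfsg-2ubuntu4
openssl 1.0.2g-1ubuntu4.15"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

An empty result means every affected package present in the input is at or above the fixed version; packages that are not installed simply do not appear.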
References:
https://usn.ubuntu.com/4246-1
CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Package Information:
https://launchpad.net/ubuntu/+source/zlib/1:1.2.8.dfsg-2ubuntu4.3