Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 16.04 LTS: USN-4246-1 Critical: Zlib Denial Of Service

ubuntu
Calendar Grey January 22, 2020
Dist Ubuntu Esm H88
Multiple vulnerabilities patched in zlib for Ubuntu 16.04 LTS, mitigating risks of crashes and possible code execution exploits.
Several security issues were fixed in zlib

Summary

Several security issues were fixed in zlib

Software Description:

- zlib: Lossless data-compression library

Details:

It was discovered that zlib incorrectly handled pointer arithmetic. An

attacker

could use this issue to cause zlib to crash, resulting in a denial of

service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

It was discovered that zlib incorrectly handled vectors involving left

shifts of

negative integers. An attacker could use this issue to cause zlib to

crash, resulting in a denial of service, or possibly execute arbitrary code.

(CVE-2016-9842)

It was discovered that zlib incorrectly handled vectors involving

big-endian CRC

calculation. An attacker could use this issue to cause zlib to crash,

resulting in a denial of service, or possibly execute arbitrary code.

(CVE-2016-9843)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
lib32z1 1:1.2.8.dfsg-2ubuntu4.3
lib64z1 1:1.2.8.dfsg-2ubuntu4.3
libn32z1 1:1.2.8.dfsg-2ubuntu4.3
libx32z1 1:1.2.8.dfsg-2ubuntu4.3
zlib1g 1:1.2.8.dfsg-2ubuntu4.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4246-1

CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Severity
critical
Lowest
Low
Medium
High
Critical

January 22, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here