ALT-PU-2018-2752-1
Closed vulnerabilities
Published: 2017-05-23
BDU:2017-01815
Уязвимость функции crc32_big библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2017-05-23
BDU:2017-01816
Уязвимость компонента Inffast библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
References:
Published: 2016-09-22
BDU:2017-02382
Уязвимость компонента inftrees библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 2016-09-22
BDU:2017-02383
Уязвимость функции inflateMark библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2017-05-23
Modified: 2025-03-28
Modified: 2025-03-28
CVE-2016-9840
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2016:3202
- openSUSE-SU-2016:3202
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0080
- openSUSE-SU-2017:0080
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 95131
- 95131
- 1039427
- 1039427
- RHSA-2017:1220
- RHSA-2017:1220
- RHSA-2017:1221
- RHSA-2017:1221
- RHSA-2017:1222
- RHSA-2017:1222
- RHSA-2017:2999
- RHSA-2017:2999
- RHSA-2017:3046
- RHSA-2017:3046
- RHSA-2017:3047
- RHSA-2017:3047
- RHSA-2017:3453
- RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402345
- https://bugzilla.redhat.com/show_bug.cgi?id=1402345
- https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
- https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- GLSA-201701-56
- GLSA-201701-56
- GLSA-202007-54
- GLSA-202007-54
- https://support.apple.com/HT208112
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://support.apple.com/HT208144
- USN-4246-1
- USN-4246-1
- USN-4292-1
- USN-4292-1
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Published: 2017-05-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2016:3202
- openSUSE-SU-2016:3202
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0080
- openSUSE-SU-2017:0080
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 95131
- 95131
- 1039427
- 1039427
- 1039596
- 1039596
- RHSA-2017:1220
- RHSA-2017:1220
- RHSA-2017:1221
- RHSA-2017:1221
- RHSA-2017:1222
- RHSA-2017:1222
- RHSA-2017:2999
- RHSA-2017:2999
- RHSA-2017:3046
- RHSA-2017:3046
- RHSA-2017:3047
- RHSA-2017:3047
- RHSA-2017:3453
- RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402346
- https://bugzilla.redhat.com/show_bug.cgi?id=1402346
- https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
- https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- GLSA-201701-56
- GLSA-201701-56
- GLSA-202007-54
- GLSA-202007-54
- https://security.netapp.com/advisory/ntap-20171019-0001/
- https://security.netapp.com/advisory/ntap-20171019-0001/
- https://support.apple.com/HT208112
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://support.apple.com/HT208144
- USN-4246-1
- USN-4246-1
- USN-4292-1
- USN-4292-1
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Published: 2017-05-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2016:3202
- openSUSE-SU-2016:3202
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0080
- openSUSE-SU-2017:0080
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 95131
- 95131
- 1039427
- 1039427
- RHSA-2017:1220
- RHSA-2017:1220
- RHSA-2017:1221
- RHSA-2017:1221
- RHSA-2017:1222
- RHSA-2017:1222
- RHSA-2017:2999
- RHSA-2017:2999
- RHSA-2017:3046
- RHSA-2017:3046
- RHSA-2017:3047
- RHSA-2017:3047
- RHSA-2017:3453
- RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402348
- https://bugzilla.redhat.com/show_bug.cgi?id=1402348
- https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
- https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- GLSA-201701-56
- GLSA-201701-56
- GLSA-202007-54
- GLSA-202007-54
- https://support.apple.com/HT208112
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://support.apple.com/HT208144
- USN-4246-1
- USN-4246-1
- USN-4292-1
- USN-4292-1
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Published: 2017-05-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2016:3202
- openSUSE-SU-2016:3202
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0077
- openSUSE-SU-2017:0080
- openSUSE-SU-2017:0080
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 95131
- 95131
- 1039427
- 1039427
- 1041888
- 1041888
- RHSA-2017:1220
- RHSA-2017:1220
- RHSA-2017:1221
- RHSA-2017:1221
- RHSA-2017:1222
- RHSA-2017:1222
- RHSA-2017:2999
- RHSA-2017:2999
- RHSA-2017:3046
- RHSA-2017:3046
- RHSA-2017:3047
- RHSA-2017:3047
- RHSA-2017:3453
- RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402351
- https://bugzilla.redhat.com/show_bug.cgi?id=1402351
- https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
- https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update
- GLSA-201701-56
- GLSA-201701-56
- GLSA-202007-54
- GLSA-202007-54
- https://security.netapp.com/advisory/ntap-20181018-0002/
- https://security.netapp.com/advisory/ntap-20181018-0002/
- https://support.apple.com/HT208112
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://support.apple.com/HT208144
- USN-4246-1
- USN-4246-1
- USN-4292-1
- USN-4292-1
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
Closed bugs
remove %_includedir/minizip/crypt.h