UbuntuUpdates.org

Package "zlib"

Name: zlib

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • compression library - 64 bit runtime
  • compression library - 64 bit development
  • compression library - x32 runtime
  • compression library - x32 development

Latest version: 1:1.2.8.dfsg-2ubuntu4.3
Release: xenial (16.04)
Level: updates
Repository: main

Links



Other versions of "zlib" in Xenial

Repository Area Version
base main 1:1.2.8.dfsg-2ubuntu4
security main 1:1.2.8.dfsg-2ubuntu4.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:1.2.8.dfsg-2ubuntu4.3 2020-01-22 20:07:07 UTC

  zlib (1:1.2.8.dfsg-2ubuntu4.3) xenial-security; urgency=medium

  * SECURITY UPDATE: improper pointer arithmetic might allow
    context-dependent attackers to have unspecified impact
    - debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
      in inftrees.c
    - CVE-2016-9840
  * SECURITY UPDATE: improper pointer arithmetic might allow
    context-dependent attackers to have unspecified impact
    - debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c
    - CVE-2016-9841
  * SECURITY UPDATE: vectors involving left shifts of negative integers might
    allow context-dependent attackers to have unspecified impact
    - debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
      inflateMark()
    - debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
      value to long
    - CVE-2016-9842
  * SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
    context-dependent attackers to have unspecified impact
    - debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
      big-endian CRC calculation
    - CVE-2016-9843

 -- Avital Ostromich <email address hidden> Wed, 08 Jan 2020 11:06:35 -0500

Source diff to previous version
CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shi
CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian C

Version: 1:1.2.8.dfsg-2ubuntu4.1 2017-05-10 16:06:48 UTC

  zlib (1:1.2.8.dfsg-2ubuntu4.1) xenial-proposed; urgency=medium

  * SRU
  * Move zconf.h back to /usr/include (not differing across architectures)
    anymore. Closes: #787956. LP: #1512992.

 -- Matthias Klose <email address hidden> Fri, 03 Mar 2017 18:31:53 +0100

1512992 package zlib1g-dev 1:1.2.8.dfsg-2ubuntu4 failed to install/upgrade: trying to overwrite '/usr/include/i386-linux-gnu/zconf.h', which is also in packa
787956 lib32z1-dev: Compiling anything that includes <zlib.h> with -m32 fails - Debian Bug report logs



About   -   Send Feedback to @ubuntu_updates