Security update for zlib SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0004-1 Final 1 1 2017-01-02T07:37:00Z current 2017-01-02T07:37:00Z 2017-01-02T07:37:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for zlib This update for zlib fixes the following issues: CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) Incompatible declarations for external linkage function deflate (bsc#1003577) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2017-3,SUSE-SLE-SDK-12-SP1-2017-3,SUSE-SLE-SERVER-12-SP1-2017-3 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170004-1/ Link for SUSE-SU-2017:0004-1 https://lists.suse.com/pipermail/sle-security-updates/2017-January/002541.html E-Mail link for SUSE-SU-2017:0004-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1003577 SUSE Bug 1003577 https://bugzilla.suse.com/1003579 SUSE Bug 1003579 https://bugzilla.suse.com/1003580 SUSE Bug 1003580 https://bugzilla.suse.com/1013882 SUSE Bug 1013882 https://www.suse.com/security/cve/CVE-2016-9840/ SUSE CVE CVE-2016-9840 page https://www.suse.com/security/cve/CVE-2016-9841/ SUSE CVE CVE-2016-9841 page https://www.suse.com/security/cve/CVE-2016-9842/ SUSE CVE CVE-2016-9842 page https://www.suse.com/security/cve/CVE-2016-9843/ SUSE CVE CVE-2016-9843 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 libz1-1.2.8-6.3.1 libz1-32bit-1.2.8-6.3.1 zlib-devel-1.2.8-6.3.1 zlib-devel-32bit-1.2.8-6.3.1 zlib-devel-static-1.2.8-6.3.1 libz1-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libz1-32bit-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libz1-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP1 libz1-32bit-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP1 libz1-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libz1-32bit-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 zlib-devel-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 zlib-devel-32bit-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 zlib-devel-static-1.2.8-6.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVE-2016-9840 SUSE Linux Enterprise Desktop 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Desktop 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-static-1.2.8-6.3.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170004-1/ https://www.suse.com/security/cve/CVE-2016-9840.html CVE-2016-9840 https://bugzilla.suse.com/1003579 SUSE Bug 1003579 https://bugzilla.suse.com/1022633 SUSE Bug 1022633 https://bugzilla.suse.com/1023215 SUSE Bug 1023215 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 https://bugzilla.suse.com/1062104 SUSE Bug 1062104 https://bugzilla.suse.com/1120866 SUSE Bug 1120866 https://bugzilla.suse.com/1123150 SUSE Bug 1123150 https://bugzilla.suse.com/1127473 SUSE Bug 1127473 https://bugzilla.suse.com/1184301 SUSE Bug 1184301 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVE-2016-9841 SUSE Linux Enterprise Desktop 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Desktop 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-static-1.2.8-6.3.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170004-1/ https://www.suse.com/security/cve/CVE-2016-9841.html CVE-2016-9841 https://bugzilla.suse.com/1003579 SUSE Bug 1003579 https://bugzilla.suse.com/1022633 SUSE Bug 1022633 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 https://bugzilla.suse.com/1064070 SUSE Bug 1064070 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 https://bugzilla.suse.com/1120866 SUSE Bug 1120866 https://bugzilla.suse.com/1123150 SUSE Bug 1123150 https://bugzilla.suse.com/1127473 SUSE Bug 1127473 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. CVE-2016-9842 SUSE Linux Enterprise Desktop 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Desktop 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-static-1.2.8-6.3.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170004-1/ https://www.suse.com/security/cve/CVE-2016-9842.html CVE-2016-9842 https://bugzilla.suse.com/1003580 SUSE Bug 1003580 https://bugzilla.suse.com/1022633 SUSE Bug 1022633 https://bugzilla.suse.com/1023215 SUSE Bug 1023215 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 https://bugzilla.suse.com/1062104 SUSE Bug 1062104 https://bugzilla.suse.com/1120866 SUSE Bug 1120866 https://bugzilla.suse.com/1123150 SUSE Bug 1123150 https://bugzilla.suse.com/1127473 SUSE Bug 1127473 https://bugzilla.suse.com/1184301 SUSE Bug 1184301 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. CVE-2016-9843 SUSE Linux Enterprise Desktop 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Desktop 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-1.2.8-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libz1-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-32bit-1.2.8-6.3.1 SUSE Linux Enterprise Software Development Kit 12 SP1:zlib-devel-static-1.2.8-6.3.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170004-1/ https://www.suse.com/security/cve/CVE-2016-9843.html CVE-2016-9843 https://bugzilla.suse.com/1003580 SUSE Bug 1003580 https://bugzilla.suse.com/1013882 SUSE Bug 1013882 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 https://bugzilla.suse.com/1062104 SUSE Bug 1062104 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 https://bugzilla.suse.com/1120866 SUSE Bug 1120866 https://bugzilla.suse.com/1123150 SUSE Bug 1123150 https://bugzilla.suse.com/1127473 SUSE Bug 1127473 https://bugzilla.suse.com/1184301 SUSE Bug 1184301