suse-su-2018:1815-1
Vulnerability from csaf_suse
Published
2018-06-26 07:37
Modified
2018-06-26 07:37
Summary
Security update for zlib

Notes

Title of the patch
Security update for zlib
Description of the patch
This update brings zlib to 1.2.7, bringing bugfixes and speedups. It also reduces a buildtime issue with clamav 0.100 which caused hangs on 32bit platforms. (bsc#1095016)
Patchnames
slestso13-zlib-1.2.7-13676
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for zlib",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update brings zlib to 1.2.7, bringing bugfixes and speedups.\n\nIt also reduces a buildtime issue with clamav 0.100 which caused hangs\non 32bit platforms. (bsc#1095016)\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slestso13-zlib-1.2.7-13676",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1815-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:1815-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181815-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:1815-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-June/004218.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1003577",
        "url": "https://bugzilla.suse.com/1003577"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1003579",
        "url": "https://bugzilla.suse.com/1003579"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1003580",
        "url": "https://bugzilla.suse.com/1003580"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1013882",
        "url": "https://bugzilla.suse.com/1013882"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1095016",
        "url": "https://bugzilla.suse.com/1095016"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 912771",
        "url": "https://bugzilla.suse.com/912771"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 920442",
        "url": "https://bugzilla.suse.com/920442"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9840 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9841 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9842 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9842/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9843 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9843/"
      }
    ],
    "title": "Security update for zlib",
    "tracking": {
      "current_release_date": "2018-06-26T07:37:10Z",
      "generator": {
        "date": "2018-06-26T07:37:10Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:1815-1",
      "initial_release_date": "2018-06-26T07:37:10Z",
      "revision_history": [
        {
          "date": "2018-06-26T07:37:10Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "zlib-1.2.7-0.135.3.1.x86_64",
                "product": {
                  "name": "zlib-1.2.7-0.135.3.1.x86_64",
                  "product_id": "zlib-1.2.7-0.135.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "zlib-devel-1.2.7-0.135.3.1.x86_64",
                "product": {
                  "name": "zlib-devel-1.2.7-0.135.3.1.x86_64",
                  "product_id": "zlib-devel-1.2.7-0.135.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Studio Onsite 1.3",
                "product": {
                  "name": "SUSE Studio Onsite 1.3",
                  "product_id": "SUSE Studio Onsite 1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-studioonsite:1.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zlib-1.2.7-0.135.3.1.x86_64 as component of SUSE Studio Onsite 1.3",
          "product_id": "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64"
        },
        "product_reference": "zlib-1.2.7-0.135.3.1.x86_64",
        "relates_to_product_reference": "SUSE Studio Onsite 1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "zlib-devel-1.2.7-0.135.3.1.x86_64 as component of SUSE Studio Onsite 1.3",
          "product_id": "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
        },
        "product_reference": "zlib-devel-1.2.7-0.135.3.1.x86_64",
        "relates_to_product_reference": "SUSE Studio Onsite 1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
          "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9840",
          "url": "https://www.suse.com/security/cve/CVE-2016-9840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1003579 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1003579"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1022633 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1022633"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1023215 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1023215"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038505 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1038505"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062104 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1062104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120866 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1120866"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123150 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1123150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1127473 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1127473"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184301 for CVE-2016-9840",
          "url": "https://bugzilla.suse.com/1184301"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-26T07:37:10Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9840"
    },
    {
      "cve": "CVE-2016-9841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
          "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9841",
          "url": "https://www.suse.com/security/cve/CVE-2016-9841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1003579 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1003579"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1022633 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1022633"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038505 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1038505"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1064070 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1064070"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070162 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1070162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120866 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1120866"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123150 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1123150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1127473 for CVE-2016-9841",
          "url": "https://bugzilla.suse.com/1127473"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-26T07:37:10Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9841"
    },
    {
      "cve": "CVE-2016-9842",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9842"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
          "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9842",
          "url": "https://www.suse.com/security/cve/CVE-2016-9842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1003580 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1003580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1022633 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1022633"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1023215 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1023215"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038505 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1038505"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062104 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1062104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120866 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1120866"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123150 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1123150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1127473 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1127473"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184301 for CVE-2016-9842",
          "url": "https://bugzilla.suse.com/1184301"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-26T07:37:10Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9842"
    },
    {
      "cve": "CVE-2016-9843",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9843"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
          "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9843",
          "url": "https://www.suse.com/security/cve/CVE-2016-9843"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1003580 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1003580"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1013882 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1013882"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038505 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1038505"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062104 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1062104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116686 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1116686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120866 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1120866"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123150 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1123150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1127473 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1127473"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184301 for CVE-2016-9843",
          "url": "https://bugzilla.suse.com/1184301"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Studio Onsite 1.3:zlib-1.2.7-0.135.3.1.x86_64",
            "SUSE Studio Onsite 1.3:zlib-devel-1.2.7-0.135.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-26T07:37:10Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9843"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.