CVE-2016-9840 in Ubuntu

CVE-2016-9840

Priority

Description

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have
unspecified impact by leveraging improper pointer arithmetic.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840
http://www.openwall.com/lists/oss-security/2016/12/05/10
https://ubuntu.com/security/notices/USN-4246-1
https://ubuntu.com/security/notices/USN-4292-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270

Notes

mdeslaur

since 3.1.3-7, rsync builds with the system zlib

Package

Source: rsync (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (3.1.2-2.1ubuntu1.1)
Ubuntu 20.04 LTS:	released (3.1.3-6)
Ubuntu 21.10:	released (3.1.3-6)
Ubuntu 16.04 ESM:	released (3.1.1-3ubuntu1.3)
Ubuntu 22.04 LTS:	released (3.1.3-6)
Ubuntu 14.04 ESM:	not-affected (code not present)

Patches:

Package

Source: zlib (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 20.04 LTS:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 21.10:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 16.04 ESM:	released (1:1.2.8.dfsg-2ubuntu4.3)
Ubuntu 22.04 LTS:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 14.04 ESM:	needed

Patches:

Upstream:

https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0

More Information

Updated: 2022-04-25 00:18:21 UTC (commit ecc1009cb19540b950de59270950018900f37f15)