CVE-2016-9842 in Ubuntu

CVE-2016-9842

Priority

Description

The inflateMark function in inflate.c in zlib 1.2.8 might allow
context-dependent attackers to have unspecified impact via vectors
involving left shifts of negative integers.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842
http://www.openwall.com/lists/oss-security/2016/12/05/10
https://ubuntu.com/security/notices/USN-4246-1
https://ubuntu.com/security/notices/USN-4292-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847274

Notes

mdeslaur

since 3.1.3-7, rsync builds with the system zlib

Package

Source: rsync (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (3.1.2-2.1ubuntu1.1)
Ubuntu 20.04 LTS:	released (3.1.3-6)
Ubuntu 21.10:	released (3.1.3-6)
Ubuntu 16.04 ESM:	released (3.1.1-3ubuntu1.3)
Ubuntu 22.04 LTS:	released (3.1.3-6)
Ubuntu 14.04 ESM:	not-affected (code not present)

Patches:

Package

Source: zlib (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 20.04 LTS:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 21.10:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 16.04 ESM:	released (1:1.2.8.dfsg-2ubuntu4.3)
Ubuntu 22.04 LTS:	not-affected (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 14.04 ESM:	needed

Patches:

Upstream:	https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
Upstream:	https://github.com/madler/zlib/commit/2edb94a3025d288dc251bc6cbb2c02e60fbd7438

More Information

Updated: 2022-04-25 00:18:21 UTC (commit ecc1009cb19540b950de59270950018900f37f15)