First published: Wed Dec 07 2016
An old optimization in inffast.c is no longer optimal with modern compilers and, furthermore, was not compliant with the C standard, under which decrementing a pointer before its allocated memory is undefined.

External References:
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7

Upstream patch: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb

CVE assignment: http://seclists.org/oss-sec/2016/q4/602
Credit: CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 security@opentext.com meissner@suse.de

Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS High Sierra | <10.13 | 10.13 |
Apple watchOS | <4 | 4 |
Apple tvOS | <11 | 11 |
Apple iOS | <11 | 11 |
redhat/zlib | <1.2.9 | 1.2.9 |
Zlib Zlib | >=1.2.0 <1.2.9 | |
openSUSE Leap | =42.1 | |
openSUSE Leap | =42.2 | |
openSUSE openSUSE | =13.2 | |
Debian Debian Linux | =8.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Oracle Database Server | =18c | |
Oracle JDK | =1.6.0-update161 | |
Oracle JDK | =1.7.0-update151 | |
Oracle JDK | =1.8.0-update144 | |
Oracle JRE | =1.6.0-update161 | |
Oracle JRE | =1.7.0-update151 | |
Oracle JRE | =1.8.0-update144 | |
Oracle MySQL | >=5.5.0 <=5.5.61 | |
Oracle MySQL | >=5.6.0 <=5.6.41 | |
Oracle MySQL | >=5.7.0 <=5.7.23 | |
Oracle MySQL | >=8.0.0 <=8.0.12 | |
Redhat Satellite | =5.8 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =7.4 | |
Redhat Enterprise Linux Eus | =7.5 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Apple iPhone OS | <11 | |
Apple Mac OS X | >=10.0.0 <10.13.0 | |
Apple tvOS | <11.0 | |
Apple watchOS | <4 | |
Netapp Active Iq Unified Manager Windows | >=7.3 | |
Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
Netapp Cloud Backup | | |
Netapp E-series Santricity Management Vmware Sra | | |
Netapp E-series Santricity Management Vmware Vasa | | |
Netapp E-series Santricity Management Vmware Vcenter | | |
NetApp E-Series SANtricity OS Controller | >=11.0.0 <=11.70.1 | |
Netapp E-series Santricity Storage Manager | | |
Netapp E-series Santricity Web Services Web Services Proxy | | |
NetApp OnCommand Balance | | |
NetApp OnCommand Insight | | |
Netapp Oncommand Performance Manager Vmware Vsphere | | |
Netapp Oncommand Shift | | |
Netapp Oncommand Unified Manager Vsphere | <=7.1 | |
Netapp Oncommand Unified Manager Windows | <=7.1 | |
Netapp Oncommand Unified Manager 7-mode | | |
NetApp OnCommand Workflow Automation | | |
Netapp Snapmanager Oracle | | |
Netapp Snapmanager Sap | | |
Netapp Solidfire | | |
Netapp Steelstore Cloud Integrated Storage | | |
Netapp Storage Replication Adapter For Clustered Data Ontap Vmware Vsphere | | |
Netapp Symantec Netbackup | | |
Netapp Vasa Provider For Clustered Data Ontap | >=7.2 | |
Netapp Virtual Storage Console Vmware Vsphere | | |
Netapp Hci Storage Node | | |
Nodejs Node.js | >=4.0.0 <=4.1.2 | |
Nodejs Node.js | >=4.2.0 <4.8.2 | |
Nodejs Node.js | >=6.0.0 <=6.8.1 | |
Nodejs Node.js | >=6.9.0 <6.10.2 | |
Nodejs Node.js | >=7.0.0 <7.6.0 | |
debian/rsync | 3.2.3-4+deb11u1 3.2.7-1 3.3.0+ds1-2 | |
debian/zlib | 1:1.2.11.dfsg-2+deb11u2 1:1.2.13.dfsg-1 1:1.3.dfsg+really1.3.1-1 | |