From: Aaron Bauman
To: gentoo-announce@lists.gentoo.org
Subject: [gentoo-announce] [ GLSA 201701-56 ] zlib: Multiple vulnerabilities
Date: Mon, 23 Jan 2017 12:40:46 +0900
Message-ID: <056b6fe1-0515-f25a-0016-c5062b322918@gentoo.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201701-56
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: zlib: Multiple vulnerabilities
     Date: January 23, 2017
     Bugs: #601828
       ID: 201701-56

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in zlib, the worst of which
could allow attackers to cause a Denial of Service condition.

Background
==========

zlib is a widely used free and patent unencumbered data compression
library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/zlib                < 1.2.9                    >= 1.2.9

Description
===========

Multiple vulnerabilities have been discovered in zlib. Please review
the CVE identifiers referenced below for details.

Impact
======

An attacker could cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All zlib users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.9"

References
==========

[ 1 ] CVE-2016-9840
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9840
[ 2 ] CVE-2016-9841
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9841
[ 3 ] CVE-2016-9842
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9842
[ 4 ] CVE-2016-9843
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9843

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201701-56

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
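
Added example (not part of the Gentoo advisory): a shell check that classifies installed sys-libs/zlib versions against the Affected packages table above (vulnerable below 1.2.9, unaffected from 1.2.9 on). It assumes GNU `sort -V` and Portage's installed-package database under /var/db/pkg; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare installed sys-libs/zlib versions with the
# first unaffected version listed in GLSA 201701-56.

FIXED="1.2.9"   # first unaffected version, taken from the advisory

# zlib_glsa_status VERSION -> prints "vulnerable" or "unaffected"
zlib_glsa_status() {
    # Drop a Gentoo revision suffix (-r1, -r2, ...) before comparing
    # against the upstream version threshold.
    ver=$(printf '%s\n' "$1" | sed 's/-r[0-9]*$//')
    # GNU sort -V orders 1.2.9 before 1.2.10, unlike a plain string sort.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
    if [ "$ver" != "$FIXED" ] && [ "$lowest" = "$ver" ]; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# installed_zlib_versions [VDB_ROOT] -> one installed version per line.
# Portage records each installed package as <root>/<category>/<name>-<version>.
installed_zlib_versions() {
    root=${1:-/var/db/pkg}
    # [0-9] after "zlib-" skips other packages such as zlib-ng.
    for d in "$root"/sys-libs/zlib-[0-9]*; do
        [ -d "$d" ] || continue
        basename "$d" | sed 's/^zlib-//'
    done
}

# report [VDB_ROOT] -> one "package-version: status" line per installed slot
report() {
    installed_zlib_versions "$1" | while read -r v; do
        printf 'sys-libs/zlib-%s: %s\n' "$v" "$(zlib_glsa_status "$v")"
    done
}

report "${VDB_ROOT:-/var/db/pkg}"
```

On a system with gentoolkit installed, `glsa-check -t 201701-56` runs the equivalent test using Portage's own version comparison.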