CVE-2016-9843

Published: 23 May 2017

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Notes

Author: mdeslaur
Note: since 3.1.3-7, rsync builds with the system zlib

Priority

Low

CVSS 3 base score: 9.8

Status

Package: rsync (Launchpad, Ubuntu, Debian)
bionic: Released (3.1.2-2.1ubuntu1.1)
disco: Released (3.1.3-6)
eoan: Released (3.1.3-6)
focal: Released (3.1.3-6)
groovy: Released (3.1.3-6)
hirsute: Released (3.1.3-6)
impish: Released (3.1.3-6)
jammy: Released (3.1.3-6)
kinetic: Released (3.1.3-6)
precise: Not vulnerable (code not present)
trusty: Not vulnerable (code not present)
upstream: Needs triage
xenial: Released (3.1.1-3ubuntu1.3)

Package: zlib (Launchpad, Ubuntu, Debian)
artful: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
bionic: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
cosmic: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
disco: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
eoan: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
focal: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
groovy: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
hirsute: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
impish: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
jammy: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
kinetic: Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
precise: Ignored (end of ESM support, was needed)
trusty: Needed
upstream: Released (1.2.9)
xenial: Released (1:1.2.8.dfsg-2ubuntu4.3)
yakkety: Ignored (reached end-of-life)
zesty: Ignored (reached end-of-life)

Patches:
upstream: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811