{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "klibc-utils", "libklibc:ppc64el" ] } }, "diff": { "deb": [ { "name": "klibc-utils", "from_version": { "source_package_name": "klibc", "source_package_version": "2.0.7-1ubuntu5.1", "version": "2.0.7-1ubuntu5.1" }, "to_version": { "source_package_name": "klibc", "source_package_version": "2.0.7-1ubuntu5.2", "version": "2.0.7-1ubuntu5.2" }, "cves": [ { "cve": "CVE-2016-9840", "url": "https://ubuntu.com/security/CVE-2016-9840", "cve_description": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2016-9841", "url": "https://ubuntu.com/security/CVE-2016-9841", "cve_description": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2018-25032", "url": "https://ubuntu.com/security/CVE-2018-25032", "cve_description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "cve_priority": "medium", "cve_public_date": "2022-03-25 09:15:00 UTC" }, { "cve": "CVE-2022-37434", "url": "https://ubuntu.com/security/CVE-2022-37434", "cve_description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "cve_priority": "medium", "cve_public_date": "2022-08-05 07:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2016-9840", "url": "https://ubuntu.com/security/CVE-2016-9840", "cve_description": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2016-9841", "url": "https://ubuntu.com/security/CVE-2016-9841", "cve_description": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2018-25032", "url": "https://ubuntu.com/security/CVE-2018-25032", "cve_description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "cve_priority": "medium", "cve_public_date": "2022-03-25 09:15:00 UTC" }, { "cve": "CVE-2022-37434", "url": "https://ubuntu.com/security/CVE-2022-37434", "cve_description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "cve_priority": "medium", "cve_public_date": "2022-08-05 07:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: improper pointer arithmetic", " - debian/patches/CVE-2016-9840.patch: remove offset pointer optimization", " in usr/klibc/zlib/inftrees.c.", " - CVE-2016-9840", " * SECURITY UPDATE: improper pointer arithmetic", " - debian/patches/CVE-2016-9841.patch: remove offset pointer optimization", " in usr/klibc/zlib/inffast.c.", " - CVE-2016-9841", " * SECURITY UPDATE: memory corruption during compression", " - debian/patches/CVE-2018-25032.patch: addresses a bug that can crash", " deflate on rare inputs when using Z_FIXED.", " - CVE-2018-25032", " * SECURITY UPDATE: heap-based buffer over-read", " - debian/patches/CVE-2022-37434-1.patch: adds an extra condition to check", " if state->head->extra_max is greater than len before copying, and moves", " the len assignment to be placed before the check in", " usr/klibc/zlib/inflate.c.", " - debian/patches/CVE-2022-37434-2.patch: in the previous patch, the", " placement of the len assignment was causing issues so it was moved", " within the conditional check.", " - CVE-2022-37434", "" ], "package": "klibc", "version": "2.0.7-1ubuntu5.2", "urgency": "medium", "distributions": "focal-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Sat, 13 Apr 2024 12:35:16 +0300" } ], "notes": null }, { "name": "libklibc:ppc64el", "from_version": { "source_package_name": "klibc", "source_package_version": "2.0.7-1ubuntu5.1", "version": "2.0.7-1ubuntu5.1" }, "to_version": { "source_package_name": "klibc", "source_package_version": "2.0.7-1ubuntu5.2", "version": "2.0.7-1ubuntu5.2" }, "cves": [ { "cve": "CVE-2016-9840", "url": "https://ubuntu.com/security/CVE-2016-9840", "cve_description": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2016-9841", "url": "https://ubuntu.com/security/CVE-2016-9841", "cve_description": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2018-25032", "url": "https://ubuntu.com/security/CVE-2018-25032", "cve_description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "cve_priority": "medium", "cve_public_date": "2022-03-25 09:15:00 UTC" }, { "cve": "CVE-2022-37434", "url": "https://ubuntu.com/security/CVE-2022-37434", "cve_description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "cve_priority": "medium", "cve_public_date": "2022-08-05 07:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2016-9840", "url": "https://ubuntu.com/security/CVE-2016-9840", "cve_description": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2016-9841", "url": "https://ubuntu.com/security/CVE-2016-9841", "cve_description": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "cve_priority": "low", "cve_public_date": "2017-05-23 04:29:00 UTC" }, { "cve": "CVE-2018-25032", "url": "https://ubuntu.com/security/CVE-2018-25032", "cve_description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "cve_priority": "medium", "cve_public_date": "2022-03-25 09:15:00 UTC" }, { "cve": "CVE-2022-37434", "url": "https://ubuntu.com/security/CVE-2022-37434", "cve_description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "cve_priority": "medium", "cve_public_date": "2022-08-05 07:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: improper pointer arithmetic", " - debian/patches/CVE-2016-9840.patch: remove offset pointer optimization", " in usr/klibc/zlib/inftrees.c.", " - CVE-2016-9840", " * SECURITY UPDATE: improper pointer arithmetic", " - debian/patches/CVE-2016-9841.patch: remove offset pointer optimization", " in usr/klibc/zlib/inffast.c.", " - CVE-2016-9841", " * SECURITY UPDATE: memory corruption during compression", " - debian/patches/CVE-2018-25032.patch: addresses a bug that can crash", " deflate on rare inputs when using Z_FIXED.", " - CVE-2018-25032", " * SECURITY UPDATE: heap-based buffer over-read", " - debian/patches/CVE-2022-37434-1.patch: adds an extra condition to check", " if state->head->extra_max is greater than len before copying, and moves", " the len assignment to be placed before the check in", " usr/klibc/zlib/inflate.c.", " - debian/patches/CVE-2022-37434-2.patch: in the previous patch, the", " placement of the len assignment was causing issues so it was moved", " within the conditional check.", " - CVE-2022-37434", "" ], "package": "klibc", "version": "2.0.7-1ubuntu5.2", "urgency": "medium", "distributions": "focal-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Sat, 13 Apr 2024 12:35:16 +0300" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 20.04 focal image from daily image serial 20240415 to 20240416", "from_series": "focal", "to_series": "focal", "from_serial": "20240415", "to_serial": "20240416", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }