Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.6736.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6736-1)
Summary:	The remote host is missing an update for the 'klibc' package(s) announced via the USN-6736-1 advisory.
Description:	Summary: The remote host is missing an update for the 'klibc' package(s) announced via the USN-6736-1 advisory. Vulnerability Insight: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2018-25032) Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2022-37434) Affected Software/OS: 'klibc' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9840 BugTraq ID: 95131 http://www.securityfocus.com/bid/95131 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://bugzilla.redhat.com/show_bug.cgi?id=1402345 https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support.apple.com/HT208115 https://support.apple.com/HT208144 https://security.gentoo.org/glsa/201701-56 https://security.gentoo.org/glsa/202007-54 https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib https://wiki.mozilla.org/images/0/09/Zlib-report.pdf https://www.oracle.com/security-alerts/cpujul2020.html https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html http://www.openwall.com/lists/oss-security/2016/12/05/21 RedHat Security Advisories: RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1220 RedHat Security Advisories: RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1221 RedHat Security Advisories: RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:1222 RedHat Security Advisories: RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:2999 RedHat Security Advisories: RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3046 RedHat Security Advisories: RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3047 RedHat Security Advisories: RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453 http://www.securitytracker.com/id/1039427 SuSE Security Announcement: openSUSE-SU-2016:3202 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html SuSE Security Announcement: openSUSE-SU-2017:0077 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html SuSE Security Announcement: openSUSE-SU-2017:0080 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html https://usn.ubuntu.com/4246-1/ https://usn.ubuntu.com/4292-1/ Common Vulnerability Exposure (CVE) ID: CVE-2016-9841 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html https://bugzilla.redhat.com/show_bug.cgi?id=1402346 https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb https://security.netapp.com/advisory/ntap-20171019-0001/ http://www.securitytracker.com/id/1039596 Common Vulnerability Exposure (CVE) ID: CVE-2018-25032 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://security.netapp.com/advisory/ntap-20220526-0009/ https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 https://support.apple.com/kb/HT213257 Debian Security Information: DSA-5111 (Google Search) https://www.debian.org/security/2022/dsa-5111 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ http://seclists.org/fulldisclosure/2022/May/38 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/33 https://security.gentoo.org/glsa/202210-42 https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/issues/605 https://www.openwall.com/lists/oss-security/2022/03/24/1 https://www.openwall.com/lists/oss-security/2022/03/28/1 https://www.openwall.com/lists/oss-security/2022/03/28/3 https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-37434 20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1 http://seclists.org/fulldisclosure/2022/Oct/37 20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 http://seclists.org/fulldisclosure/2022/Oct/38 20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 http://seclists.org/fulldisclosure/2022/Oct/41 20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 http://seclists.org/fulldisclosure/2022/Oct/42 DSA-5218 https://www.debian.org/security/2022/dsa-5218 FEDORA-2022-0b517a5397 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ FEDORA-2022-15da0cf165 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ FEDORA-2022-25e4dbedf9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ FEDORA-2022-3c28ae0cd8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ FEDORA-2022-b8232d1cca https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ [debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html [oss-security] 20220805 zlib buffer overflow http://www.openwall.com/lists/oss-security/2022/08/05/2 [oss-security] 20220808 Re: zlib buffer overflow http://www.openwall.com/lists/oss-security/2022/08/09/1 https://github.com/curl/curl/issues/9271 https://github.com/ivd38/zlib_overflow https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 https://security.netapp.com/advisory/ntap-20220901-0005/ https://support.apple.com/kb/HT213488 https://support.apple.com/kb/HT213489 https://support.apple.com/kb/HT213490 https://support.apple.com/kb/HT213491 https://support.apple.com/kb/HT213493 https://support.apple.com/kb/HT213494
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.