inftrees.c was subtracting an offset from a pointer to an array, in order to provide a pointer that allowed indexing starting at the offset. This is not compliant with the C standard, for which the behavior of a pointer decremented before its allocated memory is undefined. External References: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7 Upstream patch: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 CVE assignment: http://seclists.org/oss-sec/2016/q4/602
Created zlib tracking bugs for this issue: Affects: fedora-all [bug 1402352]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:1222
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1221
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1220
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:2999
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3047
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3046
Quoting from the report <https://wiki.mozilla.org/images/0/09/Zlib-report.pdf>: > We have identified five areas where code in zlib invokes undefined > behavior in the C standard. Use of this code does not currently > generate buggy binaries, but it is possible that with future compilers > or platforms these latent bugs may manifest in compiled code Using GCC on Red Hat Enterprise Linux supported architectures, the UB described in this flaw does not manifest as a bug.
This issue has been addressed in the following products: Red Hat Satellite 5.8 Red Hat Satellite 5.8 ELS Via RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453