Headline
Ubuntu Security Notice USN-7107-1
Ubuntu Security Notice 7107-1 - It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-7107-1
November 13, 2024

zlib vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

zlib could be made to crash or run programs if it received
specially crafted input.

Software Description:
- zlib: Lossless data-compression library

Details:

It was discovered that Minizip in zlib incorrectly handled certain zip
header fields. An attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  lib32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3
    Available with Ubuntu Pro
  lib32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3
    Available with Ubuntu Pro
  libx32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3
    Available with Ubuntu Pro
  libx32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3
    Available with Ubuntu Pro
  zlib-bin 1:1.2.8.dfsg-1ubuntu1.1+esm3
    Available with Ubuntu Pro
  zlib1g 1:1.2.8.dfsg-1ubuntu1.1+esm3
    Available with Ubuntu Pro
  zlib1g-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7107-1
  CVE-2023-45853
Related news
Gentoo Linux Security Advisory 202401-18 - A vulnerability has been found in zlib that can lead to a heap-based buffer overflow. Versions greater than or equal to 1.2.13-r2 are affected.
Red Hat Security Advisory 2023-7626-03 - Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2 is now available. Issues addressed include buffer overflow, denial of service, information leakage, and integer overflow vulnerabilities.
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.