Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1642: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm#ssl

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-04-28

Updated:

2022-04-28

RHSA-2022:1642 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: zlib security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for zlib is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

Security Fix(es):

  • zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

Red Hat Enterprise Linux for x86_64 8

SRPM

zlib-1.2.11-18.el8_5.src.rpm

SHA-256: 34d93329c0ea279550c264b979f735e6ce445f8c2029e5077be906be463d3380

x86_64

zlib-1.2.11-18.el8_5.i686.rpm

SHA-256: a90f109267770c6833fffc3ce3db8f26995212b3adccaaeabd1b128f74e101a1

zlib-1.2.11-18.el8_5.x86_64.rpm

SHA-256: 6bf8c03ef185b79579f42ce3404d01b0444772cc476081807002124e0331661e

zlib-debuginfo-1.2.11-18.el8_5.i686.rpm

SHA-256: 17ee86a6ffd9bf5974598678d5442bcf59f45df089d801c74454fbe1cd2602f9

zlib-debuginfo-1.2.11-18.el8_5.x86_64.rpm

SHA-256: 84b374c5bf36a1ac5b9508a6b72a7107f0aa71cc7f75b0d99639ac5a475d81f5

zlib-debugsource-1.2.11-18.el8_5.i686.rpm

SHA-256: cd8cdc70cbe91fcb0a007a708fb2d3a8c8e5c69576ead7171902e26c276f88aa

zlib-debugsource-1.2.11-18.el8_5.x86_64.rpm

SHA-256: 82a50dab598003cd7ad5154781281991cfc053be797234626226bcdb389c82d0

zlib-devel-1.2.11-18.el8_5.i686.rpm

SHA-256: 6b413b39392059773fad7d90c48c8528c32620104e0b65a0868b1a9e7159a0cd

zlib-devel-1.2.11-18.el8_5.x86_64.rpm

SHA-256: c86cd8db282fec7d3b9ca3d723f7c75f6c4b7028cd06feef7c4f9593c122d677

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

zlib-1.2.11-18.el8_5.src.rpm

SHA-256: 34d93329c0ea279550c264b979f735e6ce445f8c2029e5077be906be463d3380

s390x

zlib-1.2.11-18.el8_5.s390x.rpm

SHA-256: f855d1de821ab906965599385bff2762317f216870502718cf7db45ba085e2e8

zlib-debuginfo-1.2.11-18.el8_5.s390x.rpm

SHA-256: c6a9314ccaafc8afa50d09a330452a9f4ccc4996a72fab41b4b5cdc08f515da5

zlib-debugsource-1.2.11-18.el8_5.s390x.rpm

SHA-256: 32c678291e8120c2fc75e5f4d0175caccdb147e05f69954df8d308fe6dd636f4

zlib-devel-1.2.11-18.el8_5.s390x.rpm

SHA-256: 5a9fa6ee9b33bc9b66d74cccf9011f69f218efcbe79a80f616abe6a4071e04cb

Red Hat Enterprise Linux for Power, little endian 8

SRPM

zlib-1.2.11-18.el8_5.src.rpm

SHA-256: 34d93329c0ea279550c264b979f735e6ce445f8c2029e5077be906be463d3380

ppc64le

zlib-1.2.11-18.el8_5.ppc64le.rpm

SHA-256: c1f153398f6a0b3291e54e2d1d1d836d55f7b92a5ebbd530c43d4631df1939cd

zlib-debuginfo-1.2.11-18.el8_5.ppc64le.rpm

SHA-256: 1c922905addc0b5cf283cfdf7b0aa3e6c6a61637ae09e76a9d1599cc2d5ff76a

zlib-debugsource-1.2.11-18.el8_5.ppc64le.rpm

SHA-256: 504cc9c0972151777c8c7fabf1d17734f95c2dcf80bca7e595626bc3025031a3

zlib-devel-1.2.11-18.el8_5.ppc64le.rpm

SHA-256: 179cc20699dc4c90086fe65c356afec7c7ae17cf461756e70c63c33fbc6a3d83

Red Hat Enterprise Linux for ARM 64 8

SRPM

zlib-1.2.11-18.el8_5.src.rpm

SHA-256: 34d93329c0ea279550c264b979f735e6ce445f8c2029e5077be906be463d3380

aarch64

zlib-1.2.11-18.el8_5.aarch64.rpm

SHA-256: dc8795d53e6e0393fae20d7c7b3539f35248791ecca30a88ae830196c2b25ee9

zlib-debuginfo-1.2.11-18.el8_5.aarch64.rpm

SHA-256: e63db78f6f45649600760069995367e358e0a1c158114162cca416fb58abb75a

zlib-debugsource-1.2.11-18.el8_5.aarch64.rpm

SHA-256: ae655d78892a4d5fe6cd498b89607e42227ede25c5df083dc0b635e104294f03

zlib-devel-1.2.11-18.el8_5.aarch64.rpm

SHA-256: a03810ebbdac3e02a7a5ce900c4a2b46b9739f40d8bb4a1398ecc505bee172b9

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

zlib-debuginfo-1.2.11-18.el8_5.i686.rpm

SHA-256: 17ee86a6ffd9bf5974598678d5442bcf59f45df089d801c74454fbe1cd2602f9

zlib-debuginfo-1.2.11-18.el8_5.x86_64.rpm

SHA-256: 84b374c5bf36a1ac5b9508a6b72a7107f0aa71cc7f75b0d99639ac5a475d81f5

zlib-debugsource-1.2.11-18.el8_5.i686.rpm

SHA-256: cd8cdc70cbe91fcb0a007a708fb2d3a8c8e5c69576ead7171902e26c276f88aa

zlib-debugsource-1.2.11-18.el8_5.x86_64.rpm

SHA-256: 82a50dab598003cd7ad5154781281991cfc053be797234626226bcdb389c82d0

zlib-static-1.2.11-18.el8_5.i686.rpm

SHA-256: 0c81efcdef79c41cdb4e0e382b9f208182596a624979dd8b99699f72061439b5

zlib-static-1.2.11-18.el8_5.x86_64.rpm

SHA-256: 4b3fda7f8da19d64094d017b48d338a13bd0907746bdd8926d06ea114a6c2767

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM

ppc64le

zlib-debuginfo-1.2.11-18.el8_5.ppc64le.rpm

SHA-256: 1c922905addc0b5cf283cfdf7b0aa3e6c6a61637ae09e76a9d1599cc2d5ff76a

zlib-debugsource-1.2.11-18.el8_5.ppc64le.rpm

SHA-256: 504cc9c0972151777c8c7fabf1d17734f95c2dcf80bca7e595626bc3025031a3

zlib-static-1.2.11-18.el8_5.ppc64le.rpm

SHA-256: 510d5664bd515feca486b589df207bfc3583cfdabdde1d7ecc2356a5c1dbadca

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM

aarch64

zlib-debuginfo-1.2.11-18.el8_5.aarch64.rpm

SHA-256: e63db78f6f45649600760069995367e358e0a1c158114162cca416fb58abb75a

zlib-debugsource-1.2.11-18.el8_5.aarch64.rpm

SHA-256: ae655d78892a4d5fe6cd498b89607e42227ede25c5df083dc0b635e104294f03

zlib-static-1.2.11-18.el8_5.aarch64.rpm

SHA-256: 7ddc4808adb653739289298c4404d0db1f05eec7a679c63746e84e37e76746ee

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM

s390x

zlib-debuginfo-1.2.11-18.el8_5.s390x.rpm

SHA-256: c6a9314ccaafc8afa50d09a330452a9f4ccc4996a72fab41b4b5cdc08f515da5

zlib-debugsource-1.2.11-18.el8_5.s390x.rpm

SHA-256: 32c678291e8120c2fc75e5f4d0175caccdb147e05f69954df8d308fe6dd636f4

zlib-static-1.2.11-18.el8_5.s390x.rpm

SHA-256: 1fb21725a93cc1cfb5cca9790546d529723e5cdb5de82186e14cf6d31b673019

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2022:1436: Red Hat Security Advisory: OpenJDK 17.0.3 security update for Portable Linux Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21449: OpenJDK: Im...

RHSA-2022:1437: Red Hat Security Advisory: OpenJDK 17.0.3 security update for Windows Builds

The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21449: OpenJDK: Improper E...

RHSA-2022:1439: Red Hat Security Advisory: OpenJDK 11.0.15 security update for Windows Builds

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defective...

RHSA-2022:1435: Red Hat Security Advisory: OpenJDK 11.0.15 security update for Portable Linux Builds

The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: De...

RHSA-2022:1438: Red Hat Security Advisory: OpenJDK 8u332 security update for Portable Linux Builds

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: ...

RHSA-2022:1492: Red Hat Security Advisory: OpenJDK 8u332 Windows builds release and security update

The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defecti...

RHSA-2022:1643: Red Hat Security Advisory: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

RHSA-2022:1644: Red Hat Security Advisory: xmlrpc-c security update

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25235: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

Red Hat Security Advisory 2022-1628-01

Red Hat Security Advisory 2022-1628-01 - Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view that allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.

Red Hat Security Advisory 2022-1420-01

Red Hat Security Advisory 2022-1420-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.665. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-1626-01

Red Hat Security Advisory 2022-1626-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.6 serves as a replacement for Red Hat AMQ Broker 7.8.5, and includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-1627-01

Red Hat Security Advisory 2022-1627-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.4 serves as a replacement for Red Hat AMQ Broker 7.9.3, and includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2022-1619-01

Red Hat Security Advisory 2022-1619-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-1599-01

Red Hat Security Advisory 2022-1599-01 - The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux versions.

Red Hat Security Advisory 2022-1617-01

Red Hat Security Advisory 2022-1617-01 - The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux version.

Red Hat Security Advisory 2022-1618-01

Red Hat Security Advisory 2022-1618-01 - The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux version.

Red Hat Security Advisory 2022-1550-01

Red Hat Security Advisory 2022-1550-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.