RHSA-2023:1095: Red Hat Security Advisory: zlib security update
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-37434: A security vulnerability was found in zlib. The flaw is a heap-based buffer over-read or overflow in inflate() in inflate.c, triggered via a large gzip header extra field. This flaw is only applicable to applications that call inflateGetHeader.
Synopsis
Moderate: zlib security update
Type/Severity
Security Advisory: Moderate
Topic
An update for zlib is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Security Fix(es):
- zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
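A patch-compliance check for this advisory, added here as an example and not part of Red Hat's advisory or tooling: it compares package NVRs from `rpm -q` output against the fixed build 1.2.7-21.el7_9 listed above, using a simplified reimplementation of rpm's version comparison (tilde and caret ordering are not handled). The sample `rpm -q` output is constructed, not captured from a real host.

```python
import re

# Fixed zlib build for RHEL 7 per RHSA-2023:1095.
FIXED_VERSION = "1.2.7"
FIXED_RELEASE = "21.el7_9"

# rpm compares version strings as alternating numeric / alphabetic segments.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: numeric segments compare as integers, alphabetic
    segments lexically, a numeric segment outranks an alphabetic one in the
    same position, and when all shared segments tie the longer string wins.
    Tilde (~) and caret (^) pre-release ordering are deliberately not handled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xn, yn = x.isdigit(), y.isdigit()
        if xn and yn:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xn != yn:
            return 1 if xn else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_nvra(pkg: str):
    """Split 'name-version-release.arch' as printed by `rpm -q` into its parts."""
    m = re.fullmatch(r"(.+)-([^-]+)-([^-]+)\.([^.]+)", pkg)
    if not m:
        raise ValueError(f"not a name-version-release.arch string: {pkg}")
    return m.groups()


def is_fixed(pkg: str) -> bool:
    """True if the package is at or above the advisory's fixed version-release."""
    _name, ver, rel, _arch = parse_nvra(pkg)
    c = rpm_vercmp(ver, FIXED_VERSION)
    if c == 0:
        c = rpm_vercmp(rel, FIXED_RELEASE)
    return c >= 0


def unpatched(rpm_q_output: str):
    """Return the packages in `rpm -qa 'zlib*' 'minizip*'` output that predate the fix."""
    return [p for p in rpm_q_output.split() if not is_fixed(p)]


# Constructed sample output (hypothetical host, mixed patched and unpatched builds).
SAMPLE = """zlib-1.2.7-20.el7_9.x86_64
zlib-devel-1.2.7-21.el7_9.x86_64
minizip-1.2.7-18.el7.i686
zlib-static-1.2.7-21.el7_9.i686"""

if __name__ == "__main__":
    for p in unpatched(SAMPLE):
        print("needs update:", p)
```

On a real RHEL 7 host, feed the output of `rpm -qa 'zlib*' 'minizip*'` to `unpatched()` instead of the constructed sample.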
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
Red Hat Enterprise Linux Server 7
SRPM
zlib-1.2.7-21.el7_9.src.rpm
SHA-256: 4bef78e18f6271fb9bdb208b24bc8dc6c91f9358aec1ff41147074c5d7c83eae
x86_64
minizip-1.2.7-21.el7_9.i686.rpm
SHA-256: 6b378c5d3a36d6295f7162ad55959c666b410ffe7e7f03aaeafda2a051436f09
minizip-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 5cbfef0897af1617abfefd220cf6b100042eb56e0777b8691029bea579e0dd24
minizip-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: 462c2492e40cb7286a0c79f86f0523b881fae60a555a38c8c708eac96a6cf527
minizip-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1e0c52c30a2d1f1ad67d5d546edf0316946425d795072aa1b28dc8fbe17c457f
zlib-1.2.7-21.el7_9.i686.rpm
SHA-256: 34f6a4429dc03c988c983196e2cc7fe22af7b82f65e04a2f24df649a51bd7470
zlib-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 52d976313bad20c13c4457feef27952da92ee9e21d60d2b9a963d212422b9db5
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm
SHA-256: 919e27d5f5d48213530779becddbc9c7fbbe8457fd3df79063a57dc1e43a53ff
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 8fe740f2783c7ab8aff5298c6286f88c03703738ea242d7529ac6ef079d26b2f
zlib-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: da788f9bd9ac92dbd09566858b6337039681a29c11f5b5f779e15d4b232f37e7
zlib-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1ef8c1a3e9d9a7b0df89e295e991c93f4f869dd94114a6dd7b24313eeb8dcd95
zlib-static-1.2.7-21.el7_9.i686.rpm
SHA-256: 06d39fedf45e2e532e30385016452b896e2e2d677208ae9f59df60a7116657bc
zlib-static-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 0c0cb6392971a1667dcf631201d14841e2e7c9ab03403a9d3a537eb319cff18f
Red Hat Enterprise Linux Workstation 7
SRPM
zlib-1.2.7-21.el7_9.src.rpm
SHA-256: 4bef78e18f6271fb9bdb208b24bc8dc6c91f9358aec1ff41147074c5d7c83eae
x86_64
minizip-1.2.7-21.el7_9.i686.rpm
SHA-256: 6b378c5d3a36d6295f7162ad55959c666b410ffe7e7f03aaeafda2a051436f09
minizip-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 5cbfef0897af1617abfefd220cf6b100042eb56e0777b8691029bea579e0dd24
minizip-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: 462c2492e40cb7286a0c79f86f0523b881fae60a555a38c8c708eac96a6cf527
minizip-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1e0c52c30a2d1f1ad67d5d546edf0316946425d795072aa1b28dc8fbe17c457f
zlib-1.2.7-21.el7_9.i686.rpm
SHA-256: 34f6a4429dc03c988c983196e2cc7fe22af7b82f65e04a2f24df649a51bd7470
zlib-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 52d976313bad20c13c4457feef27952da92ee9e21d60d2b9a963d212422b9db5
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm
SHA-256: 919e27d5f5d48213530779becddbc9c7fbbe8457fd3df79063a57dc1e43a53ff
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 8fe740f2783c7ab8aff5298c6286f88c03703738ea242d7529ac6ef079d26b2f
zlib-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: da788f9bd9ac92dbd09566858b6337039681a29c11f5b5f779e15d4b232f37e7
zlib-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1ef8c1a3e9d9a7b0df89e295e991c93f4f869dd94114a6dd7b24313eeb8dcd95
zlib-static-1.2.7-21.el7_9.i686.rpm
SHA-256: 06d39fedf45e2e532e30385016452b896e2e2d677208ae9f59df60a7116657bc
zlib-static-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 0c0cb6392971a1667dcf631201d14841e2e7c9ab03403a9d3a537eb319cff18f
Red Hat Enterprise Linux Desktop 7
SRPM
zlib-1.2.7-21.el7_9.src.rpm
SHA-256: 4bef78e18f6271fb9bdb208b24bc8dc6c91f9358aec1ff41147074c5d7c83eae
x86_64
minizip-1.2.7-21.el7_9.i686.rpm
SHA-256: 6b378c5d3a36d6295f7162ad55959c666b410ffe7e7f03aaeafda2a051436f09
minizip-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 5cbfef0897af1617abfefd220cf6b100042eb56e0777b8691029bea579e0dd24
minizip-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: 462c2492e40cb7286a0c79f86f0523b881fae60a555a38c8c708eac96a6cf527
minizip-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1e0c52c30a2d1f1ad67d5d546edf0316946425d795072aa1b28dc8fbe17c457f
zlib-1.2.7-21.el7_9.i686.rpm
SHA-256: 34f6a4429dc03c988c983196e2cc7fe22af7b82f65e04a2f24df649a51bd7470
zlib-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 52d976313bad20c13c4457feef27952da92ee9e21d60d2b9a963d212422b9db5
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm
SHA-256: 919e27d5f5d48213530779becddbc9c7fbbe8457fd3df79063a57dc1e43a53ff
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 8fe740f2783c7ab8aff5298c6286f88c03703738ea242d7529ac6ef079d26b2f
zlib-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: da788f9bd9ac92dbd09566858b6337039681a29c11f5b5f779e15d4b232f37e7
zlib-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1ef8c1a3e9d9a7b0df89e295e991c93f4f869dd94114a6dd7b24313eeb8dcd95
zlib-static-1.2.7-21.el7_9.i686.rpm
SHA-256: 06d39fedf45e2e532e30385016452b896e2e2d677208ae9f59df60a7116657bc
zlib-static-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 0c0cb6392971a1667dcf631201d14841e2e7c9ab03403a9d3a537eb319cff18f
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
zlib-1.2.7-21.el7_9.src.rpm
SHA-256: 4bef78e18f6271fb9bdb208b24bc8dc6c91f9358aec1ff41147074c5d7c83eae
s390x
minizip-1.2.7-21.el7_9.s390.rpm
SHA-256: c7856d1599c773c9733c44624d54b5f1872f9f31c89e5b244db653db3d3e39c1
minizip-1.2.7-21.el7_9.s390x.rpm
SHA-256: 151d5afacd3b73654e58d374e3817675dcf18173da2d878e2202c4fc2017eb19
minizip-devel-1.2.7-21.el7_9.s390.rpm
SHA-256: e229b26c499b39da90667400d358489fd990c3588004e5f1344665239f2f5bac
minizip-devel-1.2.7-21.el7_9.s390x.rpm
SHA-256: ce8f40db66dbfc2820d39cbc8a479facacc738197d94b82349a4e65008d28cad
zlib-1.2.7-21.el7_9.s390.rpm
SHA-256: 45936a81f32dfb829f2bcbe6d6cdab46701c26c3758ae6f5eab3ad3f31a91902
zlib-1.2.7-21.el7_9.s390x.rpm
SHA-256: 2e3bd74e34dda44002a96049f0e022a91417b6600d90b7059fdf7519c405b6d6
zlib-debuginfo-1.2.7-21.el7_9.s390.rpm
SHA-256: 4c86dae2ecd08f5eac864a198e2b3383d79a0742d7681f2d487064a8aa37aed2
zlib-debuginfo-1.2.7-21.el7_9.s390x.rpm
SHA-256: 2904c95ad876314afdd2013214b71de4d871d8389cc94ea3aad9462775b354e6
zlib-devel-1.2.7-21.el7_9.s390.rpm
SHA-256: 54bd950e110de338c308d893a773b22a5f0e0f9ee4e45c260c44f42d8f48a892
zlib-devel-1.2.7-21.el7_9.s390x.rpm
SHA-256: b6b61aad5f231e1d57508a91a425b44570b5642bd1e353519b43eb61afe8a9e9
zlib-static-1.2.7-21.el7_9.s390.rpm
SHA-256: 54b337bf7ca8fe3cb2a253bc6bb3847eb8e8a1280a1e1d1e17d687e5313ff541
zlib-static-1.2.7-21.el7_9.s390x.rpm
SHA-256: d7f6355d1b422e5ca19d381cd4903000491ad057615df08d15b68e80a65b0834
Red Hat Enterprise Linux for Power, big endian 7
SRPM
zlib-1.2.7-21.el7_9.src.rpm
SHA-256: 4bef78e18f6271fb9bdb208b24bc8dc6c91f9358aec1ff41147074c5d7c83eae
ppc64
minizip-1.2.7-21.el7_9.ppc.rpm
SHA-256: 0f70e44d0456d962ee328adff958de77b864e2deb67efbc867e15344fc85b495
minizip-1.2.7-21.el7_9.ppc64.rpm
SHA-256: 4c59b26b10002987369d99e264f160e76d6acc94205f02e11912d0bb020b24e7
minizip-devel-1.2.7-21.el7_9.ppc.rpm
SHA-256: f91d1be1a9fab129e6c53878b4687f1f7aa8fccb281558e393edf0e614f868d3
minizip-devel-1.2.7-21.el7_9.ppc64.rpm
SHA-256: ae07d5bc77a4d79dd5b78713545a923c862523845c5f0261bc8ccbb22c1508f0
zlib-1.2.7-21.el7_9.ppc.rpm
SHA-256: 616e809b36afe456d61e41b5dd177dfc4f1f9c119379812b55f84892d1546eee
zlib-1.2.7-21.el7_9.ppc64.rpm
SHA-256: 53b671481550cd238cde7806b2559b999725d688277f478b5cebed6a87f0a6d8
zlib-debuginfo-1.2.7-21.el7_9.ppc.rpm
SHA-256: 835e547309e8416d003a45f9f11371bd098f2de74efea396ebb3ac988192b7f4
zlib-debuginfo-1.2.7-21.el7_9.ppc64.rpm
SHA-256: 06c3736d6948d078f60ae4564d8b21d0756cfc78910a496ffe9be6293267f680
zlib-devel-1.2.7-21.el7_9.ppc.rpm
SHA-256: 37695d116c6d1f10069b46b40a8d637e71a645b5866ae6e3b26751442b213722
zlib-devel-1.2.7-21.el7_9.ppc64.rpm
SHA-256: 7389eb5bd1b7f749012ca386ef0095208a7f3bf5de9df38516bdb9f93965362d
zlib-static-1.2.7-21.el7_9.ppc.rpm
SHA-256: 46204031bb30147ca344c8ee00c4e7c69c57b53f356f9dbe605a7d6bab4aa7df
zlib-static-1.2.7-21.el7_9.ppc64.rpm
SHA-256: 5c7882d908959b2a03ca27ab03c8c9af82442430b68b9f2d8e82bc1b2250e54f
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
zlib-1.2.7-21.el7_9.src.rpm
SHA-256: 4bef78e18f6271fb9bdb208b24bc8dc6c91f9358aec1ff41147074c5d7c83eae
x86_64
minizip-1.2.7-21.el7_9.i686.rpm
SHA-256: 6b378c5d3a36d6295f7162ad55959c666b410ffe7e7f03aaeafda2a051436f09
minizip-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 5cbfef0897af1617abfefd220cf6b100042eb56e0777b8691029bea579e0dd24
minizip-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: 462c2492e40cb7286a0c79f86f0523b881fae60a555a38c8c708eac96a6cf527
minizip-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1e0c52c30a2d1f1ad67d5d546edf0316946425d795072aa1b28dc8fbe17c457f
zlib-1.2.7-21.el7_9.i686.rpm
SHA-256: 34f6a4429dc03c988c983196e2cc7fe22af7b82f65e04a2f24df649a51bd7470
zlib-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 52d976313bad20c13c4457feef27952da92ee9e21d60d2b9a963d212422b9db5
zlib-debuginfo-1.2.7-21.el7_9.i686.rpm
SHA-256: 919e27d5f5d48213530779becddbc9c7fbbe8457fd3df79063a57dc1e43a53ff
zlib-debuginfo-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 8fe740f2783c7ab8aff5298c6286f88c03703738ea242d7529ac6ef079d26b2f
zlib-devel-1.2.7-21.el7_9.i686.rpm
SHA-256: da788f9bd9ac92dbd09566858b6337039681a29c11f5b5f779e15d4b232f37e7
zlib-devel-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 1ef8c1a3e9d9a7b0df89e295e991c93f4f869dd94114a6dd7b24313eeb8dcd95
zlib-static-1.2.7-21.el7_9.i686.rpm
SHA-256: 06d39fedf45e2e532e30385016452b896e2e2d677208ae9f59df60a7116657bc
zlib-static-1.2.7-21.el7_9.x86_64.rpm
SHA-256: 0c0cb6392971a1667dcf631201d14841e2e7c9ab03403a9d3a537eb319cff18f
Red Hat Enterprise Linux for Power, little endian 7
SRPM
zlib-1.2.7-21.el7_9.src.rpm
SHA-256: 4bef78e18f6271fb9bdb208b24bc8dc6c91f9358aec1ff41147074c5d7c83eae
ppc64le
minizip-1.2.7-21.el7_9.ppc64le.rpm
SHA-256: 7aa218518392e020a853f1e0d3706615a51b516fb8b5a671d7b601bc587a5d89
minizip-devel-1.2.7-21.el7_9.ppc64le.rpm
SHA-256: d0936c4555338b20ff496a9f3201cc85b3224217aa9dc8e5663a8a011e10b385
zlib-1.2.7-21.el7_9.ppc64le.rpm
SHA-256: 70dde60acfde431025d9243e0d440a58e92b6c47c950df6aa562da781eee59b1
zlib-debuginfo-1.2.7-21.el7_9.ppc64le.rpm
SHA-256: da484cbfca3ea1a35fe1f6d731d8eb59d35ec558565adb30ab225851ea34dc2f
zlib-devel-1.2.7-21.el7_9.ppc64le.rpm
SHA-256: 9afcde7b2c051920028e836e1379eedad4c4176cf601339d46c59179d6a7f7e5
zlib-static-1.2.7-21.el7_9.ppc64le.rpm
SHA-256: e2a39411ad021a02b114bdcfa4a6ef4f47e8bb2b548404835c2112e7e9e61f51