Headline
RHSA-2022:7106: Red Hat Security Advisory: zlib security update
An update for zlib is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-37434: zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
Synopsis
Moderate: zlib security update
Type/Severity
Security Advisory: Moderate
Topic
An update for zlib is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Security Fix(es):
- zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
Fixes
- BZ - 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
Red Hat Enterprise Linux for x86_64 8
SRPM
zlib-1.2.11-19.el8_6.src.rpm
x86_64
zlib-1.2.11-19.el8_6.i686.rpm
zlib-1.2.11-19.el8_6.x86_64.rpm
zlib-debuginfo-1.2.11-19.el8_6.i686.rpm
zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm
zlib-debugsource-1.2.11-19.el8_6.i686.rpm
zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm
zlib-devel-1.2.11-19.el8_6.i686.rpm
zlib-devel-1.2.11-19.el8_6.x86_64.rpm
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
x86_64
zlib-1.2.11-19.el8_6.i686.rpm
zlib-1.2.11-19.el8_6.x86_64.rpm
zlib-debuginfo-1.2.11-19.el8_6.i686.rpm
zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm
zlib-debugsource-1.2.11-19.el8_6.i686.rpm
zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm
zlib-devel-1.2.11-19.el8_6.i686.rpm
zlib-devel-1.2.11-19.el8_6.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
x86_64
zlib-1.2.11-19.el8_6.i686.rpm
zlib-1.2.11-19.el8_6.x86_64.rpm
zlib-debuginfo-1.2.11-19.el8_6.i686.rpm
zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm
zlib-debugsource-1.2.11-19.el8_6.i686.rpm
zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm
zlib-devel-1.2.11-19.el8_6.i686.rpm
zlib-devel-1.2.11-19.el8_6.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
zlib-1.2.11-19.el8_6.src.rpm
s390x
zlib-1.2.11-19.el8_6.s390x.rpm
zlib-debuginfo-1.2.11-19.el8_6.s390x.rpm
zlib-debugsource-1.2.11-19.el8_6.s390x.rpm
zlib-devel-1.2.11-19.el8_6.s390x.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
s390x
zlib-1.2.11-19.el8_6.s390x.rpm
zlib-debuginfo-1.2.11-19.el8_6.s390x.rpm
zlib-debugsource-1.2.11-19.el8_6.s390x.rpm
zlib-devel-1.2.11-19.el8_6.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
zlib-1.2.11-19.el8_6.src.rpm
ppc64le
zlib-1.2.11-19.el8_6.ppc64le.rpm
zlib-debuginfo-1.2.11-19.el8_6.ppc64le.rpm
zlib-debugsource-1.2.11-19.el8_6.ppc64le.rpm
zlib-devel-1.2.11-19.el8_6.ppc64le.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
ppc64le
zlib-1.2.11-19.el8_6.ppc64le.rpm
zlib-debuginfo-1.2.11-19.el8_6.ppc64le.rpm
zlib-debugsource-1.2.11-19.el8_6.ppc64le.rpm
zlib-devel-1.2.11-19.el8_6.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
x86_64
zlib-1.2.11-19.el8_6.i686.rpm
zlib-1.2.11-19.el8_6.x86_64.rpm
zlib-debuginfo-1.2.11-19.el8_6.i686.rpm
zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm
zlib-debugsource-1.2.11-19.el8_6.i686.rpm
zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm
zlib-devel-1.2.11-19.el8_6.i686.rpm
zlib-devel-1.2.11-19.el8_6.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
zlib-1.2.11-19.el8_6.src.rpm
aarch64
zlib-1.2.11-19.el8_6.aarch64.rpm
zlib-debuginfo-1.2.11-19.el8_6.aarch64.rpm
zlib-debugsource-1.2.11-19.el8_6.aarch64.rpm
zlib-devel-1.2.11-19.el8_6.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
ppc64le
zlib-1.2.11-19.el8_6.ppc64le.rpm
zlib-debuginfo-1.2.11-19.el8_6.ppc64le.rpm
zlib-debugsource-1.2.11-19.el8_6.ppc64le.rpm
zlib-devel-1.2.11-19.el8_6.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
x86_64
zlib-1.2.11-19.el8_6.i686.rpm
zlib-1.2.11-19.el8_6.x86_64.rpm
zlib-debuginfo-1.2.11-19.el8_6.i686.rpm
zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm
zlib-debugsource-1.2.11-19.el8_6.i686.rpm
zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm
zlib-devel-1.2.11-19.el8_6.i686.rpm
zlib-devel-1.2.11-19.el8_6.x86_64.rpm
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
zlib-debuginfo-1.2.11-19.el8_6.i686.rpm
zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm
zlib-debugsource-1.2.11-19.el8_6.i686.rpm
zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm
zlib-static-1.2.11-19.el8_6.i686.rpm
zlib-static-1.2.11-19.el8_6.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
zlib-debuginfo-1.2.11-19.el8_6.ppc64le.rpm
zlib-debugsource-1.2.11-19.el8_6.ppc64le.rpm
zlib-static-1.2.11-19.el8_6.ppc64le.rpm
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
zlib-debuginfo-1.2.11-19.el8_6.aarch64.rpm
zlib-debugsource-1.2.11-19.el8_6.aarch64.rpm
zlib-static-1.2.11-19.el8_6.aarch64.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
zlib-debuginfo-1.2.11-19.el8_6.s390x.rpm
zlib-debugsource-1.2.11-19.el8_6.s390x.rpm
zlib-static-1.2.11-19.el8_6.s390x.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
zlib-1.2.11-19.el8_6.src.rpm
aarch64
zlib-1.2.11-19.el8_6.aarch64.rpm
zlib-debuginfo-1.2.11-19.el8_6.aarch64.rpm
zlib-debugsource-1.2.11-19.el8_6.aarch64.rpm
zlib-devel-1.2.11-19.el8_6.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6
SRPM
x86_64
zlib-debuginfo-1.2.11-19.el8_6.i686.rpm
zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm
zlib-debugsource-1.2.11-19.el8_6.i686.rpm
zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm
zlib-static-1.2.11-19.el8_6.i686.rpm
zlib-static-1.2.11-19.el8_6.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6
SRPM
ppc64le
zlib-debuginfo-1.2.11-19.el8_6.ppc64le.rpm
zlib-debugsource-1.2.11-19.el8_6.ppc64le.rpm
zlib-static-1.2.11-19.el8_6.ppc64le.rpm
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6
SRPM
s390x
zlib-debuginfo-1.2.11-19.el8_6.s390x.rpm
zlib-debugsource-1.2.11-19.el8_6.s390x.rpm
zlib-static-1.2.11-19.el8_6.s390x.rpm
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6
SRPM
aarch64
zlib-debuginfo-1.2.11-19.el8_6.aarch64.rpm
zlib-debugsource-1.2.11-19.el8_6.aarch64.rpm
zlib-static-1.2.11-19.el8_6.aarch64.rpm