RHSA-2022:7106: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-37434: zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
Red Hat Security Data

Synopsis

Moderate: zlib security update

Type/Severity

Security Advisory: Moderate

Topic

An update for zlib is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

Security Fix(es):

  • zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

  • BZ - 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
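To check an inventory against the fixed build this advisory ships (zlib-1.2.11-19.el8_6), the following added example, which is not part of the Red Hat advisory, compares `rpm -q` style package strings using rpm's segment ordering. The host names and inventory lines are constructed, and the input format (one `host package` pair per line) is an assumption.

```python
import re

# Fixed build taken from the advisory's package list (zlib-1.2.11-19.el8_6).
FIXED_VERSION, FIXED_RELEASE = "1.2.11", "19.el8_6"
# Binary packages the advisory lists for the zlib source RPM.
ZLIB_PACKAGES = {"zlib", "zlib-devel", "zlib-static"}

# name-version-release.arch as printed by `rpm -q` (no epoch; zlib has none).
NEVRA_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_+.-]+?)-(?P<version>[^-\s]+)-(?P<release>[^-\s]+)"
    r"\.(?P<arch>[A-Za-z0-9_]+)$"
)


def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does: digit runs
    compare as integers, letter runs as strings, separators are ignored.
    Tilde and caret handling is left out (not used by these zlib builds)."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit():
            return 1   # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def assess(package):
    """Classify one package string against the advisory's fixed build."""
    m = NEVRA_RE.match(package.strip())
    if not m:
        return "unparsed"
    # The fixed build only applies to RHEL 8 builds of the zlib packages.
    in_scope = m["name"] in ZLIB_PACKAGES and re.search(r"\.el8(?:_|$)", m["release"])
    if not in_scope:
        return "out-of-scope"
    order = (rpmvercmp(m["version"], FIXED_VERSION)
             or rpmvercmp(m["release"], FIXED_RELEASE))
    return "fixed" if order >= 0 else "vulnerable"


def triage(inventory):
    """Return (host, package, status) for every non-empty inventory line."""
    rows = []
    for line in inventory.strip().splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        host = parts[0]
        package = parts[1].strip() if len(parts) > 1 else ""
        rows.append((host, package, assess(package)))
    return rows


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = """
web01 zlib-1.2.11-17.el8.x86_64
web02 zlib-1.2.11-19.el8_6.x86_64
db01 zlib-1.2.11-21.el8_7.x86_64
build01 zlib-devel-1.2.11-18.el8_5.aarch64
old01 zlib-1.2.7-20.el7_9.x86_64
app01 package zlib is not installed
"""

if __name__ == "__main__":
    for host, package, status in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {status:12} {package}")
```

A "vulnerable" verdict on a build from a minor-release stream other than those listed under Affected Products should be confirmed against that stream's own advisory, since this comparison only knows the build shipped here.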

Red Hat Enterprise Linux for x86_64 8

SRPM

zlib-1.2.11-19.el8_6.src.rpm

SHA-256: 10d9ed59f5c51c7c7237f9961d01bcd370a0ec7abd79e28569f2b84c022ea82c

x86_64

zlib-1.2.11-19.el8_6.i686.rpm

SHA-256: b21d469fa95d2c9e12e739c7186dfde2ea753a9f6ba5a16ee5bda4e09ce724b7

zlib-1.2.11-19.el8_6.x86_64.rpm

SHA-256: 2c6fd2e594e6f3d778c797dd4193a1375a498216d217ffbfd75f74b58605d8d9

zlib-debuginfo-1.2.11-19.el8_6.i686.rpm

SHA-256: 8f1dd3bdacf730d3551b7768e449272623fe9230f459e2eca084fbbb1f0c51f1

zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm

SHA-256: 7410a2e45b24bb95b0c6594820c375d5e16e056bec7c25731aca690f8ecb9366

zlib-debugsource-1.2.11-19.el8_6.i686.rpm

SHA-256: d03f2dbe79236cd8f87b97ab74adc112da70123ca8f22528be33e9abbba304b1

zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm

SHA-256: c30d0658fcbda382f8bcdd8b3d5427512ef6562e4a665e7888a25f95e29535cd

zlib-devel-1.2.11-19.el8_6.i686.rpm

SHA-256: 7c3b47bb90cfb59a066ce63b665668c63b841957167b02930b8e96ed24d81d43

zlib-devel-1.2.11-19.el8_6.x86_64.rpm

SHA-256: f69c00664e1726af4f90e09d940189e97c0ea70deb7e347495f74d286999b64d

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

zlib-1.2.11-19.el8_6.src.rpm

SHA-256: 10d9ed59f5c51c7c7237f9961d01bcd370a0ec7abd79e28569f2b84c022ea82c

s390x

zlib-1.2.11-19.el8_6.s390x.rpm

SHA-256: fa0a0281c4a70fb884068ae8a4235a13f8fe758d095fcb12359054021aff3934

zlib-debuginfo-1.2.11-19.el8_6.s390x.rpm

SHA-256: 78a4153b05059b30f432a0f7d6a1f203851c7da538d507afea71a263e0688341

zlib-debugsource-1.2.11-19.el8_6.s390x.rpm

SHA-256: d49402aa1280ff7b71d7f7ffb3796cc23ab838baf79fc62afea61eb090f7d420

zlib-devel-1.2.11-19.el8_6.s390x.rpm

SHA-256: 4e1e58051c7dfd893768b1955964f2123758a1c439987fc64717f9a0fd57beab

Red Hat Enterprise Linux for Power, little endian 8

SRPM

zlib-1.2.11-19.el8_6.src.rpm

SHA-256: 10d9ed59f5c51c7c7237f9961d01bcd370a0ec7abd79e28569f2b84c022ea82c

ppc64le

zlib-1.2.11-19.el8_6.ppc64le.rpm

SHA-256: a42390f55a1956c147b75010bd94f762a0fd9e3816c93590bd17bbb3741c5b14

zlib-debuginfo-1.2.11-19.el8_6.ppc64le.rpm

SHA-256: 1794aced2962e978997b7ca2227262c7843ae289b8a319183dbac986070a760d

zlib-debugsource-1.2.11-19.el8_6.ppc64le.rpm

SHA-256: 5559201e30a737ee0bb766c5143dd85f639d6153f26256453d801f89c9b8ccb8

zlib-devel-1.2.11-19.el8_6.ppc64le.rpm

SHA-256: e0cf583f71b43ae0c7ff7d9c73a0dc04ec97180cfdfb7875d485fb8576e0463b

Red Hat Enterprise Linux for ARM 64 8

SRPM

zlib-1.2.11-19.el8_6.src.rpm

SHA-256: 10d9ed59f5c51c7c7237f9961d01bcd370a0ec7abd79e28569f2b84c022ea82c

aarch64

zlib-1.2.11-19.el8_6.aarch64.rpm

SHA-256: c3b953b032c196307fc88bc4d6d94884e785b42dac53847a67f68649a65465cc

zlib-debuginfo-1.2.11-19.el8_6.aarch64.rpm

SHA-256: 70a1f101bce811cb22586d82ef7840ffdee305b9483e8488a4a6486e5ef3dc3c

zlib-debugsource-1.2.11-19.el8_6.aarch64.rpm

SHA-256: 3ef1152fb51a565ed65a871b87f6ec88f97de0bf8f9ac1855f554c9f4a4c2b4e

zlib-devel-1.2.11-19.el8_6.aarch64.rpm

SHA-256: 3c8476b4a5d4d7b4f5f8be203d866726265d264330aa6d399dd6a68ebd62b3f9

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

zlib-debuginfo-1.2.11-19.el8_6.i686.rpm

SHA-256: 8f1dd3bdacf730d3551b7768e449272623fe9230f459e2eca084fbbb1f0c51f1

zlib-debuginfo-1.2.11-19.el8_6.x86_64.rpm

SHA-256: 7410a2e45b24bb95b0c6594820c375d5e16e056bec7c25731aca690f8ecb9366

zlib-debugsource-1.2.11-19.el8_6.i686.rpm

SHA-256: d03f2dbe79236cd8f87b97ab74adc112da70123ca8f22528be33e9abbba304b1

zlib-debugsource-1.2.11-19.el8_6.x86_64.rpm

SHA-256: c30d0658fcbda382f8bcdd8b3d5427512ef6562e4a665e7888a25f95e29535cd

zlib-static-1.2.11-19.el8_6.i686.rpm

SHA-256: 56f4da5310b2bc3e91deb24d009e52f0cbd43668e8995d856a46cda2f90e7cce

zlib-static-1.2.11-19.el8_6.x86_64.rpm

SHA-256: f32963e3a6858975335d7c84ec768725c9e1448e8f6fe27b38469b51e6c26534

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM

ppc64le

zlib-debuginfo-1.2.11-19.el8_6.ppc64le.rpm

SHA-256: 1794aced2962e978997b7ca2227262c7843ae289b8a319183dbac986070a760d

zlib-debugsource-1.2.11-19.el8_6.ppc64le.rpm

SHA-256: 5559201e30a737ee0bb766c5143dd85f639d6153f26256453d801f89c9b8ccb8

zlib-static-1.2.11-19.el8_6.ppc64le.rpm

SHA-256: 6c2177b7af24ec291dbb87433dd60c0bd3dd8ef7d33c2a61c2201bb755f006d8

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM

aarch64

zlib-debuginfo-1.2.11-19.el8_6.aarch64.rpm

SHA-256: 70a1f101bce811cb22586d82ef7840ffdee305b9483e8488a4a6486e5ef3dc3c

zlib-debugsource-1.2.11-19.el8_6.aarch64.rpm

SHA-256: 3ef1152fb51a565ed65a871b87f6ec88f97de0bf8f9ac1855f554c9f4a4c2b4e

zlib-static-1.2.11-19.el8_6.aarch64.rpm

SHA-256: 8d06cea3a0cd55a2772e4a89b6d4744dc8afdb6b0447e5177c10010b6f5cea0e

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM

s390x

zlib-debuginfo-1.2.11-19.el8_6.s390x.rpm

SHA-256: 78a4153b05059b30f432a0f7d6a1f203851c7da538d507afea71a263e0688341

zlib-debugsource-1.2.11-19.el8_6.s390x.rpm

SHA-256: d49402aa1280ff7b71d7f7ffb3796cc23ab838baf79fc62afea61eb090f7d420

zlib-static-1.2.11-19.el8_6.s390x.rpm

SHA-256: 3c44d209be04e8fd3404c895bafcc366434cbe6f1a159af978fd827e3aba6e79

Related news

Ubuntu Security Notice USN-6736-1

Ubuntu Security Notice 6736-1 - It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code.

CVE-2023-33225: SolarWinds Platform 2023.3 Release Notes

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:1095: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-37434: A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader.

CVE-2022-46679: DSA-2022-323: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-0470-01

Red Hat Security Advisory 2023-0470-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1).

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

RHSA-2022:8964: Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images

Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: keycloak: path traversal via double URL encoding * CVE-2022-3916: keycloak: Session takeover with OIDC offline refreshtokens

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

RHSA-2022:8634: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components i...

Red Hat Security Advisory 2022-8291-01

Red Hat Security Advisory 2022-8291-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Issues addressed include a buffer over-read vulnerability.

Red Hat Security Advisory 2022-7434-01

Red Hat Security Advisory 2022-7434-01 - A Red Hat OpenShift security update has been provided for the Logging Subsystem.

Red Hat Security Advisory 2022-6882-01

Red Hat Security Advisory 2022-6882-01 - Openshift Logging 5.3.13 security and bug fix release.

RHSA-2022:7793: Red Hat Security Advisory: rsync security and enhancement update

An update for rsync is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-37434: zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

Red Hat Security Advisory 2022-7407-01

Red Hat Security Advisory 2022-7407-01 - Service Binding Operator 1.3.1 is now available for OpenShift Developer Tools and Services for OCP 4.9 +.

RHSA-2022:7407: Red Hat Security Advisory: Service Binding Operator 1.3.1 security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

Red Hat Security Advisory 2022-7313-01

Red Hat Security Advisory 2022-7313-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Issues addressed include denial of service and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

RHSA-2022:7313: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-25887: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS * CVE-2022-25896: passport: incorrect ses...

RHSA-2022:7201: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

CVE-2022-32929: About the security content of iOS 15.7.1 and iPadOS 15.7.1

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.

CVE-2022-32946: About the security content of iOS 16.1 and iPadOS 16

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2238: search-api: SQL injection leads to remote denial of service
  • CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS
  • CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
  • CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers
  • CVE-2022-35949: n...

Gentoo Linux Security Advisory 202210-42

Gentoo Linux Security Advisory 202210-42 - A buffer overflow in zlib might allow an attacker to cause remote code execution. Versions less than 1.2.12-r3 are affected.

Apple Security Advisory 2022-10-27-12

Apple Security Advisory 2022-10-27-12 - watchOS 9.1 addresses code execution, out of bounds write, and spoofing vulnerabilities.

CVE-2022-36368: IPFire 2.27 - Core Update 170 released - The IPFire Blog

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script.

Ubuntu Security Notice USN-5570-2

Ubuntu Security Notice 5570-2 - USN-5570-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

Ubuntu Security Notice USN-5573-1

Ubuntu Security Notice 5573-1 - Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5570-1

Ubuntu Security Notice 5570-1 - Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2022-37434: node/inflate.c at 75b68c6e4db515f76df73af476eccf382bbcb00a · nodejs/node

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).