Headline
RHSA-2022:1661: Red Hat Security Advisory: zlib security update
An update for zlib is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
Synopsis
Important: zlib security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for zlib is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Security Fix(es):
- zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.2 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64
Fixes
- BZ - 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
x86_64
zlib-1.2.11-17.el8_2.i686.rpm
SHA-256: f17ee7fedf93f889470f16bc956d5c34e98b6fb82be2bf859abf1e210d980c14
zlib-1.2.11-17.el8_2.x86_64.rpm
SHA-256: ae89894f5b1da4403a2362ceb5a18d0864799291ba488ae0bb059eeaba8359c5
zlib-debuginfo-1.2.11-17.el8_2.i686.rpm
SHA-256: f19a036f598216dc3dc9f9026fb1909bfcc1c9f14ceb4cef47e028fc2a38841a
zlib-debuginfo-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 97d0147d1e42f3a4d872e1f19c54e4d4d74294e2b4f5ac127f18b959dbc5877e
zlib-debugsource-1.2.11-17.el8_2.i686.rpm
SHA-256: 7799a1a7a62a83b1ec21ffae0ad07ee122036c5275f1d217ec2714993b5da88d
zlib-debugsource-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 56d78fdd69c3a7b5a02b980314cf7f2f52493434d2414bdc9abc805a2e3b9e90
zlib-devel-1.2.11-17.el8_2.i686.rpm
SHA-256: d91520f6dfcdfcd0b99afef29a32ae69ad991b861da7e9fb4549dfe7da442ff8
zlib-devel-1.2.11-17.el8_2.x86_64.rpm
SHA-256: fd021994d8071ea3642e37442513a0e73063b9124b4e2043158e84b2792e9684
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
x86_64
zlib-1.2.11-17.el8_2.i686.rpm
SHA-256: f17ee7fedf93f889470f16bc956d5c34e98b6fb82be2bf859abf1e210d980c14
zlib-1.2.11-17.el8_2.x86_64.rpm
SHA-256: ae89894f5b1da4403a2362ceb5a18d0864799291ba488ae0bb059eeaba8359c5
zlib-debuginfo-1.2.11-17.el8_2.i686.rpm
SHA-256: f19a036f598216dc3dc9f9026fb1909bfcc1c9f14ceb4cef47e028fc2a38841a
zlib-debuginfo-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 97d0147d1e42f3a4d872e1f19c54e4d4d74294e2b4f5ac127f18b959dbc5877e
zlib-debugsource-1.2.11-17.el8_2.i686.rpm
SHA-256: 7799a1a7a62a83b1ec21ffae0ad07ee122036c5275f1d217ec2714993b5da88d
zlib-debugsource-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 56d78fdd69c3a7b5a02b980314cf7f2f52493434d2414bdc9abc805a2e3b9e90
zlib-devel-1.2.11-17.el8_2.i686.rpm
SHA-256: d91520f6dfcdfcd0b99afef29a32ae69ad991b861da7e9fb4549dfe7da442ff8
zlib-devel-1.2.11-17.el8_2.x86_64.rpm
SHA-256: fd021994d8071ea3642e37442513a0e73063b9124b4e2043158e84b2792e9684
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
s390x
zlib-1.2.11-17.el8_2.s390x.rpm
SHA-256: 59fead7ed476975feb323422d4c7e334145f18e03737b0ba0fac0356b96e55e0
zlib-debuginfo-1.2.11-17.el8_2.s390x.rpm
SHA-256: 950b3c15ca9aa8873ab1c498d188eeb41288f3c31fe07535b63098e0b0c874d7
zlib-debugsource-1.2.11-17.el8_2.s390x.rpm
SHA-256: 0a0a705f55546ea2afa200cef123ccdece21e3724d7dd3fa229ec7b35d7d1054
zlib-devel-1.2.11-17.el8_2.s390x.rpm
SHA-256: 43ed52ad33d4b329f5bf74680f50b2f7a86332cc7a96814fa5aa84ebd8c58e98
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
ppc64le
zlib-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 9550da3cc9f4719242ba4ac70cb31dcab99096174dd7c48a43fd1532082aafdb
zlib-debuginfo-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 7ba092be9f4dbac286ebf817d63d4c381aaa577c8cd89dc1818e7b2b3bb8acd9
zlib-debugsource-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 86f91abfabf1a65cde01d3d6279c366df6cde9a0f2c7c8031af6250ef59f39b5
zlib-devel-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 4c9116da23e46ea7158ce4f009ed9b1d2d5088897ccf656d7dee15d8c970c89c
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
x86_64
zlib-1.2.11-17.el8_2.i686.rpm
SHA-256: f17ee7fedf93f889470f16bc956d5c34e98b6fb82be2bf859abf1e210d980c14
zlib-1.2.11-17.el8_2.x86_64.rpm
SHA-256: ae89894f5b1da4403a2362ceb5a18d0864799291ba488ae0bb059eeaba8359c5
zlib-debuginfo-1.2.11-17.el8_2.i686.rpm
SHA-256: f19a036f598216dc3dc9f9026fb1909bfcc1c9f14ceb4cef47e028fc2a38841a
zlib-debuginfo-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 97d0147d1e42f3a4d872e1f19c54e4d4d74294e2b4f5ac127f18b959dbc5877e
zlib-debugsource-1.2.11-17.el8_2.i686.rpm
SHA-256: 7799a1a7a62a83b1ec21ffae0ad07ee122036c5275f1d217ec2714993b5da88d
zlib-debugsource-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 56d78fdd69c3a7b5a02b980314cf7f2f52493434d2414bdc9abc805a2e3b9e90
zlib-devel-1.2.11-17.el8_2.i686.rpm
SHA-256: d91520f6dfcdfcd0b99afef29a32ae69ad991b861da7e9fb4549dfe7da442ff8
zlib-devel-1.2.11-17.el8_2.x86_64.rpm
SHA-256: fd021994d8071ea3642e37442513a0e73063b9124b4e2043158e84b2792e9684
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
aarch64
zlib-1.2.11-17.el8_2.aarch64.rpm
SHA-256: e753a9c75366591a95eccf52c23364e3b21f55eedfedfb96873beb11fe04dd17
zlib-debuginfo-1.2.11-17.el8_2.aarch64.rpm
SHA-256: e808e16b9dfb9fc90d7dfafda62e823b575d97dc4e25af0394ce7a3aff0e63f4
zlib-debugsource-1.2.11-17.el8_2.aarch64.rpm
SHA-256: 8c61cc023540ec3c2a3824cf1c4ea49c3b646c217b25b8b28c07df41e0738367
zlib-devel-1.2.11-17.el8_2.aarch64.rpm
SHA-256: 46287d5b0dc95c53291769781f549bd2b15507f0b3a856d3b3a79c2be73dfa0c
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
ppc64le
zlib-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 9550da3cc9f4719242ba4ac70cb31dcab99096174dd7c48a43fd1532082aafdb
zlib-debuginfo-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 7ba092be9f4dbac286ebf817d63d4c381aaa577c8cd89dc1818e7b2b3bb8acd9
zlib-debugsource-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 86f91abfabf1a65cde01d3d6279c366df6cde9a0f2c7c8031af6250ef59f39b5
zlib-devel-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 4c9116da23e46ea7158ce4f009ed9b1d2d5088897ccf656d7dee15d8c970c89c
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.2
SRPM
zlib-1.2.11-17.el8_2.src.rpm
SHA-256: cfcc189eed427abfa6af09ac5e7bb6bae09f44f688de79faac503c8722a4bd9a
x86_64
zlib-1.2.11-17.el8_2.i686.rpm
SHA-256: f17ee7fedf93f889470f16bc956d5c34e98b6fb82be2bf859abf1e210d980c14
zlib-1.2.11-17.el8_2.x86_64.rpm
SHA-256: ae89894f5b1da4403a2362ceb5a18d0864799291ba488ae0bb059eeaba8359c5
zlib-debuginfo-1.2.11-17.el8_2.i686.rpm
SHA-256: f19a036f598216dc3dc9f9026fb1909bfcc1c9f14ceb4cef47e028fc2a38841a
zlib-debuginfo-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 97d0147d1e42f3a4d872e1f19c54e4d4d74294e2b4f5ac127f18b959dbc5877e
zlib-debugsource-1.2.11-17.el8_2.i686.rpm
SHA-256: 7799a1a7a62a83b1ec21ffae0ad07ee122036c5275f1d217ec2714993b5da88d
zlib-debugsource-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 56d78fdd69c3a7b5a02b980314cf7f2f52493434d2414bdc9abc805a2e3b9e90
zlib-devel-1.2.11-17.el8_2.i686.rpm
SHA-256: d91520f6dfcdfcd0b99afef29a32ae69ad991b861da7e9fb4549dfe7da442ff8
zlib-devel-1.2.11-17.el8_2.x86_64.rpm
SHA-256: fd021994d8071ea3642e37442513a0e73063b9124b4e2043158e84b2792e9684
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2
SRPM
x86_64
zlib-debuginfo-1.2.11-17.el8_2.i686.rpm
SHA-256: f19a036f598216dc3dc9f9026fb1909bfcc1c9f14ceb4cef47e028fc2a38841a
zlib-debuginfo-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 97d0147d1e42f3a4d872e1f19c54e4d4d74294e2b4f5ac127f18b959dbc5877e
zlib-debugsource-1.2.11-17.el8_2.i686.rpm
SHA-256: 7799a1a7a62a83b1ec21ffae0ad07ee122036c5275f1d217ec2714993b5da88d
zlib-debugsource-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 56d78fdd69c3a7b5a02b980314cf7f2f52493434d2414bdc9abc805a2e3b9e90
zlib-static-1.2.11-17.el8_2.i686.rpm
SHA-256: 436e1bba98371dd8ca3561dbd0e488207697ea7019292bb523f30bcbbfbc1ff3
zlib-static-1.2.11-17.el8_2.x86_64.rpm
SHA-256: 6c53a2a63e118ec890e7dfcb8b208b4ed9f2bf1e96b110d489a603fe553df3da
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2
SRPM
ppc64le
zlib-debuginfo-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 7ba092be9f4dbac286ebf817d63d4c381aaa577c8cd89dc1818e7b2b3bb8acd9
zlib-debugsource-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 86f91abfabf1a65cde01d3d6279c366df6cde9a0f2c7c8031af6250ef59f39b5
zlib-static-1.2.11-17.el8_2.ppc64le.rpm
SHA-256: 706f94b397995df1a1b799d536ca7fe8652610dfe844a34d9a42d5c0e2d77f10
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2
SRPM
s390x
zlib-debuginfo-1.2.11-17.el8_2.s390x.rpm
SHA-256: 950b3c15ca9aa8873ab1c498d188eeb41288f3c31fe07535b63098e0b0c874d7
zlib-debugsource-1.2.11-17.el8_2.s390x.rpm
SHA-256: 0a0a705f55546ea2afa200cef123ccdece21e3724d7dd3fa229ec7b35d7d1054
zlib-static-1.2.11-17.el8_2.s390x.rpm
SHA-256: 296320498604cf7e3cf9d76b361274415409bb192c3bec64242e7213c8b71ecc
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2
SRPM
aarch64
zlib-debuginfo-1.2.11-17.el8_2.aarch64.rpm
SHA-256: e808e16b9dfb9fc90d7dfafda62e823b575d97dc4e25af0394ce7a3aff0e63f4
zlib-debugsource-1.2.11-17.el8_2.aarch64.rpm
SHA-256: 8c61cc023540ec3c2a3824cf1c4ea49c3b646c217b25b8b28c07df41e0738367
zlib-static-1.2.11-17.el8_2.aarch64.rpm
SHA-256: 70fd7e678126ed5a9428c0a693ed2adb860a0ff54ca3d5ad16d19eb40cecb3d5
Related news
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
Red Hat OpenShift Container Platform release 4.10.12 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27652: cri-o: Default inheritable capabilities for linux container should be empty
Red Hat Security Advisory 2022-1661-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Red Hat Security Advisory 2022-1663-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-1662-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-1646-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include a HTTP request smuggling vulnerability.
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php.
Updated Red Hat JBoss Web Server 5.6.2 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Red Hat JBoss Web Server 5.6.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
An update for gzip is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for rh-python38-python, rh-python38-python-lxml, and rh-python38-python-pip is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43818: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
An update for python27-python and python27-python-pip is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler * CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response * CVE-2021-4189: python: ftplib should not use the host from the PASV response * CVE-2022-0391: python: urllib.parse does not sanitize URLs containing AS...
An update for rh-maven36-maven-shared-utils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class
The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20206: containernetworking-cni: Arbitrary path injection via type field in CNI configuration