Wednesday, November 13, 2024

[USN-7107-1] zlib vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEio4S3x96YxGyKsfkNfzInf03kcEFAmc07AAFAwAAAAAACgkQNfzInf03kcEt
iA//YwbTr6V1UqK6cMoxjsCpF2UtwLbenc6JYmumLCq2M05F/e0yS/7eRvKPR50ebEXQDwQ4Scqi
t7bn95YugTkPdRMEyW+U7AY2G+d6+GVa1WL8ruhiHxJYvdAUFfwmIm9ZFx0kFhfnl1Xdf77WoyqZ
7yde9tH5aYZ5YGoUnkOU0YpTkIWvUhGA5AJwtBc10dRfF/v9k5QQpKZ/sNN2BK/P5TNZwAcGj7MC
b1SbBYqxJDXppn68u/JTwzXqwIO+YcQbHmYoq4lQdbfRKOUmmma4bwVWqJPu5+UwbpJYFPGWdEQu
q2aet/HqLQTw9T6Lh1MM2Jrtstbs88IleTvFykrXzqgJXN6l0FqBYNzNenaTdRD0TG9BAp12MZYR
nvYMi7fV2cyCNYVkSoZLALPUk0hIX7/ZVEdH8BKziF/WuX9GtExNbapO5G5Rcesq1JZ0OC5yKpfo
jXR4V4n0jUtbiuV0GMda2OywNW5w5onsSRJrX7zDPHE+ig6MquYrViMRd8+SpM7OWvpkuZh9agQD
hCG5xY1JPvYp0g7/A3d98W9ylrKrNVze47iMWW79XJHmRv69rtNiVCvx9GfyxBoC6kLzrrkqDTet
pX41lcaZXvWRudZBbmtB3LHD8TZwi2JGeNdFrESSI9uOzcpobQQXX5EbCUJjEXTz1LTQoTmj9C7S
GMM=
=+Qk1
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7107-1
November 13, 2024

zlib vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

zlib could be made to crash or run programs if it received
specially crafted input.

Software Description:
- zlib: Lossless data-compression library

Details:

It was discovered that Minizip in zlib incorrectly handled certain zip
header fields. An attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
lib32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3
Available with Ubuntu Pro
lib32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3
Available with Ubuntu Pro
libx32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3
Available with Ubuntu Pro
libx32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3
Available with Ubuntu Pro
zlib-bin 1:1.2.8.dfsg-1ubuntu1.1+esm3
Available with Ubuntu Pro
zlib1g 1:1.2.8.dfsg-1ubuntu1.1+esm3
Available with Ubuntu Pro
zlib1g-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7107-1
CVE-2023-45853

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)