
Gentoo: GLSA-202401-18 High: zlib Buffer Overflow Threat Detected

January 15, 2024
Critical alert for Gentoo users regarding a severe zlib vulnerability. Update at once to protect your systems.
A vulnerability has been found in zlib that can lead to a heap-based buffer overflow.

Summary

A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details.

Resolution

All zlib users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.13-r2"

References

[1] CVE-2023-45853 https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202401-18

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: High
Title: zlib: Buffer Overflow
Date: January 15, 2024
Bugs: #916484
ID: 202401-18

Synopsis

A vulnerability has been found in zlib that can lead to a heap-based buffer overflow.

Background

zlib is a widely used free and patent unencumbered data compression library.


Affected Packages

Package         Vulnerable     Unaffected
-------------   ------------   ------------
sys-libs/zlib   < 1.2.13-r2    >= 1.2.13-r2

Impact

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field.
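
The following added example, which is not part of the advisory or of zlib's code, shows a caller-side length check for programs that pass untrusted file names, comments or extra fields to MiniZip. It assumes the ZIP format's 16-bit length fields as the limit; `check_entry` and `check_entry_lengths` are hypothetical names, and the check does not replace the upgrade.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ZIP headers record name, comment and extra-field lengths in 16 bits. */
#define ZIP_LEN_MAX 0xFFFFu

enum entry_check { ENTRY_OK, NAME_TOO_LONG, COMMENT_TOO_LONG, EXTRA_TOO_LONG };

/* Hypothetical helper, not a MiniZip function: validate raw lengths. */
enum entry_check check_entry_lengths(size_t name_len, size_t comment_len,
                                     size_t extra_local_len,
                                     size_t extra_global_len)
{
    if (name_len > ZIP_LEN_MAX)
        return NAME_TOO_LONG;
    if (comment_len > ZIP_LEN_MAX)
        return COMMENT_TOO_LONG;
    /* Local and central extra fields live in separate headers, so each
     * is bounded on its own; no sum is formed that could wrap. */
    if (extra_local_len > ZIP_LEN_MAX || extra_global_len > ZIP_LEN_MAX)
        return EXTRA_TOO_LONG;
    return ENTRY_OK;
}

/* Convenience wrapper for the NUL-terminated strings the API takes. */
enum entry_check check_entry(const char *filename, const char *comment,
                             size_t extra_local_len, size_t extra_global_len)
{
    return check_entry_lengths(filename ? strlen(filename) : 0,
                               comment ? strlen(comment) : 0,
                               extra_local_len, extra_global_len);
}

int main(void)
{
    /* Constructed inputs: one ordinary entry, one oversized file name. */
    printf("normal entry:    %d\n",
           (int)check_entry("docs/readme.txt", NULL, 0, 0));
    printf("65536-byte name: %d\n",
           (int)check_entry_lengths(65536, 0, 0, 0));
    return 0;
}
```

Reject the entry (do not truncate it) whenever the result is not `ENTRY_OK`, and log the offending field so oversized metadata shows up in monitoring.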

Workaround

There is no known workaround at this time.
