Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 18.04, 16.04, 14.04 Security Advisory USN-5570-1 Zlib DoS

ubuntu
Calendar Grey August 17, 2022
Dist Ubuntu Esm H88
The Ubuntu Security Advisory USN-5570-1 pertains to a vulnerability in zlib, which could potentially result in unauthorized code execution or service interruption.
zlib could be made to crash or run programs if it received specially crafted input.

Summary

zlib could be made to crash or run programs if it received specially

crafted input.

Software Description:

- zlib: Lossless data-compression library

Details:

Evgeny Legerov discovered that zlib incorrectly handled memory when

performing certain inflate operations. An attacker could use this issue

to cause zlib to crash, resulting in a denial of service, or possibly

execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   lib32z1                         1:1.2.11.dfsg-0ubuntu2.2
   lib64z1                         1:1.2.11.dfsg-0ubuntu2.2
   libx32z1                        1:1.2.11.dfsg-0ubuntu2.2
   zlib1g                          1:1.2.11.dfsg-0ubuntu2.2

Ubuntu 16.04 ESM:
   lib32z1                         1:1.2.8.dfsg-2ubuntu4.3+esm2
   lib64z1                         1:1.2.8.dfsg-2ubuntu4.3+esm2
   libx32z1                        1:1.2.8.dfsg-2ubuntu4.3+esm2
   zlib1g                          1:1.2.8.dfsg-2ubuntu4.3+esm2

Ubuntu 14.04 ESM:
   lib32z1                         1:1.2.8.dfsg-1ubuntu1.1+esm2
   lib64z1                         1:1.2.8.dfsg-1ubuntu1.1+esm2
   libx32z1                        1:1.2.8.dfsg-1ubuntu1.1+esm2
   zlib-bin                        1:1.2.8.dfsg-1ubuntu1.1+esm2
   zlib1g                          1:1.2.8.dfsg-1ubuntu1.1+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5570-1

CVE-2022-37434

Severity
critical
Lowest
Low
Medium
High
Critical

August 17, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.