Discover Government News

=========================================================================Ubuntu Security Notice USN-5570-1
August 17, 2022

zlib vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

zlib could be made to crash or run programs if it received specially
crafted input.

Software Description:
- zlib: Lossless data-compression library

Details:

Evgeny Legerov discovered that zlib incorrectly handled memory when
performing certain inflate operations. An attacker could use this issue
to cause zlib to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   lib32z1                         1:1.2.11.dfsg-0ubuntu2.2
   lib64z1                         1:1.2.11.dfsg-0ubuntu2.2
   libx32z1                        1:1.2.11.dfsg-0ubuntu2.2
   zlib1g                          1:1.2.11.dfsg-0ubuntu2.2

Ubuntu 16.04 ESM:
   lib32z1                         1:1.2.8.dfsg-2ubuntu4.3+esm2
   lib64z1                         1:1.2.8.dfsg-2ubuntu4.3+esm2
   libx32z1                        1:1.2.8.dfsg-2ubuntu4.3+esm2
   zlib1g                          1:1.2.8.dfsg-2ubuntu4.3+esm2

Ubuntu 14.04 ESM:
   lib32z1                         1:1.2.8.dfsg-1ubuntu1.1+esm2
   lib64z1                         1:1.2.8.dfsg-1ubuntu1.1+esm2
   libx32z1                        1:1.2.8.dfsg-1ubuntu1.1+esm2
   zlib-bin                        1:1.2.8.dfsg-1ubuntu1.1+esm2
   zlib1g                          1:1.2.8.dfsg-1ubuntu1.1+esm2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5570-1
   CVE-2022-37434

Package Information:
   https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-0ubuntu2.2

Ubuntu 5570-1: zlib vulnerability

August 17, 2022
zlib could be made to crash or run programs if it received specially crafted input.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: lib32z1 1:1.2.11.dfsg-0ubuntu2.2 lib64z1 1:1.2.11.dfsg-0ubuntu2.2 libx32z1 1:1.2.11.dfsg-0ubuntu2.2 zlib1g 1:1.2.11.dfsg-0ubuntu2.2 Ubuntu 16.04 ESM: lib32z1 1:1.2.8.dfsg-2ubuntu4.3+esm2 lib64z1 1:1.2.8.dfsg-2ubuntu4.3+esm2 libx32z1 1:1.2.8.dfsg-2ubuntu4.3+esm2 zlib1g 1:1.2.8.dfsg-2ubuntu4.3+esm2 Ubuntu 14.04 ESM: lib32z1 1:1.2.8.dfsg-1ubuntu1.1+esm2 lib64z1 1:1.2.8.dfsg-1ubuntu1.1+esm2 libx32z1 1:1.2.8.dfsg-1ubuntu1.1+esm2 zlib-bin 1:1.2.8.dfsg-1ubuntu1.1+esm2 zlib1g 1:1.2.8.dfsg-1ubuntu1.1+esm2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5570-1

CVE-2022-37434

Severity
August 17, 2022

Package Information

https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-0ubuntu2.2

Related News