Discover Government News

=========================================================================Ubuntu Security Notice USN-5570-2
October 17, 2022

zlib vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

zlib could be made to crash or run programs if it received specially
crafted input.

Software Description:
- zlib: Lossless data-compression library

Details:

USN-5570-1 fixed a vulnerability in zlib. This update provides the
corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

  Evgeny Legerov discovered that zlib incorrectly handled memory when
  performing certain inflate operations. An attacker could use this issue
  to cause zlib to crash, resulting in a denial of service, or possibly
  execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   lib32z1                         1:1.2.11.dfsg-2ubuntu9.2
   lib64z1                         1:1.2.11.dfsg-2ubuntu9.2
   libx32z1                        1:1.2.11.dfsg-2ubuntu9.2
   zlib1g                          1:1.2.11.dfsg-2ubuntu9.2

Ubuntu 20.04 LTS:
   lib32z1                         1:1.2.11.dfsg-2ubuntu1.5
   lib64z1                         1:1.2.11.dfsg-2ubuntu1.5
   libx32z1                        1:1.2.11.dfsg-2ubuntu1.5
   zlib1g                          1:1.2.11.dfsg-2ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5570-2
   https://ubuntu.com/security/notices/USN-5570-1
   CVE-2022-37434

Package Information:
   https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-2ubuntu9.2
   https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-2ubuntu1.5

Ubuntu 5570-2: zlib vulnerability

October 17, 2022
zlib could be made to crash or run programs if it received specially crafted input.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: lib32z1 1:1.2.11.dfsg-2ubuntu9.2 lib64z1 1:1.2.11.dfsg-2ubuntu9.2 libx32z1 1:1.2.11.dfsg-2ubuntu9.2 zlib1g 1:1.2.11.dfsg-2ubuntu9.2 Ubuntu 20.04 LTS: lib32z1 1:1.2.11.dfsg-2ubuntu1.5 lib64z1 1:1.2.11.dfsg-2ubuntu1.5 libx32z1 1:1.2.11.dfsg-2ubuntu1.5 zlib1g 1:1.2.11.dfsg-2ubuntu1.5 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5570-2

https://ubuntu.com/security/notices/USN-5570-1

CVE-2022-37434

Severity
October 17, 2022

Package Information

https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-2ubuntu9.2 https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-2ubuntu1.5

Related News