Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves two vulnerabilities can now be installed.. # Security update for zlib Announcement ID: SUSE-SU-2026:21013-1 Release Date: 2026-04-09T11:25:32Z Rating: moderate References: * bsc#1216378 * bsc#1258392 Cross-References: * CVE-2023-45853 * CVE-2026-27171 CVSS scores: * CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for zlib fixes the following issues: * CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392) * CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-502=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * zlib-devel-1.2.13-160000.3.1 * libz1-1.2.13-160000.3.1 * zlib-debugsource-1.2.13-160000.3.1 * libz1-debuginfo-1.2.13-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45853.html * https://www.suse.com/security/cve/CVE-2026-27171.html *https://bugzilla.suse.com/show_bug.cgi?id=1216378 * https://bugzilla.suse.com/show_bug.cgi?id=1258392 . Update for zlib addresses two issues, including a buffer overflow and infinite loop vulnerability. Install recommended patch now.. SUSE Linux, zlib update, moderate severity, buffer overflow fix. . LinuxSecurity.com Team
MGASA-2026-0076 - Updated zlib packages fix security vulnerability. MGASA-2026-0076 - Updated zlib packages fix security vulnerability Publication date: 31 Mar 2026 URL: https://advisories.mageia.org/MGASA-2026-0076.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-27171 Description: zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. (CVE-2026-27171) References: - https://bugs.mageia.org/show_bug.cgi?id=35291 - https://bugzilla.redhat.com/show_bug.cgi?id=2440530 - https://ubuntu.com/security/CVE-2026-27171 - https://security-tracker.debian.org/tracker/CVE-2026-27171 - https://www.cve.org/CVERecord?id=CVE-2026-27171 SRPMS: - 9/core/zlib-1.2.13-1.4.mga9 . Updated zlib packages for Mageia address critical security risks to prevent CPU consumption.. Mageia zlib security patch, CPU consumption vulnerability, security advisory Mageia, DoS vulnerability zlib. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for zlib Announcement ID: SUSE-SU-2026:20709-1 Release Date: 2026-03-09T09:56:07Z Rating: moderate References: * bsc#1216378 * bsc#1258392 Cross-References: * CVE-2023-45853 * CVE-2026-27171 CVSS scores: * CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for zlib fixes the following issues: * CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392) * CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-610=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libz1-1.2.13-7.1 * zlib-debugsource-1.2.13-7.1 * zlib-devel-1.2.13-7.1 * libz1-debuginfo-1.2.13-7.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45853.html * https://www.suse.com/security/cve/CVE-2026-27171.html * https://bugzilla.suse.com/show_bug.cgi?id=1216378 *https://bugzilla.suse.com/show_bug.cgi?id=1258392 . Update for zlib fixes two vulnerabilities including heap-based buffer overflow and infinite loop for SUSE systems.. zlib update, SUSE security fix, buffer overflow issue. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for zlib Announcement ID: SUSE-SU-2026:0783-1 Release Date: 2026-03-03T13:36:31Z Rating: moderate References: * bsc#1258392 Cross-References: * CVE-2026-27171 CVSS scores: * CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for zlib fixes the following issue: * CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-783=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-783=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-783=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-783=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-783=1 ## Package List: * Development Tools Module 15-SP7 (x86_64) * zlib-devel-32bit-1.2.13-150500.4.6.1 *openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * zlib-devel-static-1.2.13-150500.4.6.1 * zlib-testsuite-debuginfo-1.2.13-150500.4.6.1 * libminizip1-debuginfo-1.2.13-150500.4.6.1 * libminizip1-1.2.13-150500.4.6.1 * zlib-devel-1.2.13-150500.4.6.1 * zlib-testsuite-1.2.13-150500.4.6.1 * libz1-1.2.13-150500.4.6.1 * zlib-debugsource-1.2.13-150500.4.6.1 * libz1-debuginfo-1.2.13-150500.4.6.1 * minizip-devel-1.2.13-150500.4.6.1 * openSUSE Leap 15.5 (x86_64) * libz1-32bit-debuginfo-1.2.13-150500.4.6.1 * libz1-32bit-1.2.13-150500.4.6.1 * zlib-devel-static-32bit-1.2.13-150500.4.6.1 * libminizip1-32bit-debuginfo-1.2.13-150500.4.6.1 * zlib-devel-32bit-1.2.13-150500.4.6.1 * libminizip1-32bit-1.2.13-150500.4.6.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libminizip1-64bit-debuginfo-1.2.13-150500.4.6.1 * libz1-64bit-1.2.13-150500.4.6.1 * libz1-64bit-debuginfo-1.2.13-150500.4.6.1 * zlib-devel-64bit-1.2.13-150500.4.6.1 * zlib-devel-static-64bit-1.2.13-150500.4.6.1 * libminizip1-64bit-1.2.13-150500.4.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.13-150500.4.6.1 * zlib-testsuite-debuginfo-1.2.13-150500.4.6.1 * libminizip1-debuginfo-1.2.13-150500.4.6.1 * libminizip1-1.2.13-150500.4.6.1 * zlib-devel-1.2.13-150500.4.6.1 * zlib-testsuite-1.2.13-150500.4.6.1 * libz1-1.2.13-150500.4.6.1 * zlib-debugsource-1.2.13-150500.4.6.1 * libz1-debuginfo-1.2.13-150500.4.6.1 * minizip-devel-1.2.13-150500.4.6.1 * openSUSE Leap 15.6 (x86_64) * libz1-32bit-debuginfo-1.2.13-150500.4.6.1 * libz1-32bit-1.2.13-150500.4.6.1 * zlib-devel-static-32bit-1.2.13-150500.4.6.1 * libminizip1-32bit-debuginfo-1.2.13-150500.4.6.1 * zlib-devel-32bit-1.2.13-150500.4.6.1 * libminizip1-32bit-1.2.13-150500.4.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libz1-debuginfo-1.2.13-150500.4.6.1 * zlib-devel-1.2.13-150500.4.6.1 *zlib-debugsource-1.2.13-150500.4.6.1 * libz1-1.2.13-150500.4.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * zlib-devel-static-1.2.13-150500.4.6.1 * libminizip1-debuginfo-1.2.13-150500.4.6.1 * libminizip1-1.2.13-150500.4.6.1 * zlib-devel-1.2.13-150500.4.6.1 * libz1-1.2.13-150500.4.6.1 * zlib-debugsource-1.2.13-150500.4.6.1 * libz1-debuginfo-1.2.13-150500.4.6.1 * minizip-devel-1.2.13-150500.4.6.1 * Basesystem Module 15-SP7 (x86_64) * libz1-32bit-debuginfo-1.2.13-150500.4.6.1 * libz1-32bit-1.2.13-150500.4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27171.html * https://bugzilla.suse.com/show_bug.cgi?id=1258392 . An important moderation update for zlib on openSUSE addresses an infinite loop vulnerability effectively. Install now!. zlib update, openSUSE security, infinite loop fix, SUSE advisory. . LinuxSecurity.com Team
MGASA-2026-0006 - Updated zlib packages fix security vulnerability. MGASA-2026-0006 - Updated zlib packages fix security vulnerability Publication date: 11 Jan 2026 URL: https://advisories.mageia.org/MGASA-2026-0006.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-22184 Description: zlib
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-8314 http://linux.oracle.com/errata/ELSA-2025-8314.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: minizip-1.2.7-21.0.1.el7_9.i686.rpm minizip-1.2.7-21.0.1.el7_9.x86_64.rpm minizip-devel-1.2.7-21.0.1.el7_9.i686.rpm minizip-devel-1.2.7-21.0.1.el7_9.x86_64.rpm zlib-1.2.7-21.0.1.el7_9.i686.rpm zlib-1.2.7-21.0.1.el7_9.x86_64.rpm zlib-devel-1.2.7-21.0.1.el7_9.i686.rpm zlib-devel-1.2.7-21.0.1.el7_9.x86_64.rpm zlib-static-1.2.7-21.0.1.el7_9.i686.rpm zlib-static-1.2.7-21.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//zlib-1.2.7-21.0.1.el7_9.src.rpm Related CVEs: CVE-2016-9840 Description of changes: [1.2.7-21.0.1] - Resolves: CVE-2025-4638 [Orabug: 38010977] _______________________________________________ El-errata mailing list
zlib could be made to crash or run programs if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-7107-1 November 13, 2024 zlib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: zlib could be made to crash or run programs if it received specially crafted input. Software Description: - zlib: Lossless data-compression library Details: It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS lib32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro lib32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro libx32z1 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro libx32z1-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro zlib-bin 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro zlib1g 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro zlib1g-dev 1:1.2.8.dfsg-1ubuntu1.1+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7107-1 CVE-2023-45853 . Concerning the zlib vulnerability USN-7107-1 affecting Ubuntu systems: it’s crucial to implement updates to avert potential system failures as well as unauthorized code execution.. Ubuntu Security, zlib Advisory, Denial of Service, Code Execution, Software Update. . Severity: Critical. LinuxSecurity.com Team
* bsc#1216378 Cross-References: * CVE-2023-45853 . # Security update for zlib Announcement ID: SUSE-SU-2024:2431-1 Rating: moderate References: * bsc#1216378 Cross-References: * CVE-2023-45853 CVSS scores: * CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. ## Description: This update for zlib fixes the following issues: * CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-2431=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (ppc64le) * zlib-devel-1.2.13-150500.4.3.1 * libz1-debuginfo-1.2.13-150500.4.3.1 * zlib-debugsource-1.2.13-150500.4.3.1 * libz1-1.2.13-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45853.html * https://bugzilla.suse.com/show_bug.cgi?id=1216378 . The latest patch for zlib resolves a critical integer overflow vulnerability that could result in a buffer overflow affecting SUSE Linux Enterprise Micro 5.5.. zlib Security Update, SUSE Linux Update, buffer overflow patch. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.