From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 58E36158020 for ; Mon, 31 Oct 2022 20:40:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 46ACE2BC16A; Mon, 31 Oct 2022 20:39:43 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A1F472BC13E for ; Mon, 31 Oct 2022 20:37:02 +0000 (UTC) Received: from glsamakerdev.dev.gentoo.org (unknown [140.211.166.165]) by smtp.gentoo.org (Postfix) with ESMTP id 1DA4A340948 for ; Mon, 31 Oct 2022 20:37:02 +0000 (UTC) Received: from [172.18.0.3] (unknown [172.18.0.3]) by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id F02BF8D1B3 for ; Mon, 31 Oct 2022 20:37:01 +0000 (-00) Subject: [gentoo-announce] [ GLSA 202210-42 ] zlib: Multiple vulnerabilities Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-announce@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="===============1925449111430736411==" From: glsamaker@gentoo.org To: gentoo-announce@lists.gentoo.org Reply-To: security@gentoo.org Date: Mon, 31 Oct 2022 20:37:01 -0000 Message-ID: <166724862197.9.17924926228220954705@90bb6a0775af> X-Archives-Salt: 818e0b56-ecd5-4ee5-bc6c-b7ccf001888b X-Archives-Hash: e03dba52fdc7580f6e5f709654e68297 --===============1925449111430736411== Content-Type: text/plain; charset="utf-8" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-42 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: zlib: Multiple vulnerabilities Date: October 31, 2022 Bugs: #863851, #835958 ID: 202210-42 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow in zlib might allow an attacker to cause remote code execution. Background ========== zlib is a widely used free and patent unencumbered data compression library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-libs/zlib < 1.2.12-r3 >= 1.2.12-r3 Description =========== Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details. Impact ====== Maliciously crafted input handled by zlib may result in remote code execution. Workaround ========== There is no known workaround at this time. Resolution ========== All zlib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.12-r3" References ========== [ 1 ] CVE-2018-25032 https://nvd.nist.gov/vuln/detail/CVE-2018-25032 [ 2 ] CVE-2022-37434 https://nvd.nist.gov/vuln/detail/CVE-2022-37434 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-42 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --===============1925449111430736411== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmNgMe0ACgkQFMQkOaVy +9l8UA/5AVewDqREwUvi1fZjKvUok4rteinizTBHOPAOR5TGRPFEsUyXRHPto5iO mPsv1zLkkT+xL27bGJK5gLpUqfFl4gG4wlUIBdOk/vqxuazMR15JomCE7J9IzrU2 bP10gNYS9f1X5E2OGvHAU6FUMITwUdxrkrzoNIllK7a93Hcg3e1wFBAlpsncYwFL LLQ5XIX7SW/TN1BRUB8+uFanKWakgl/sGrDaBc/7Pp7maYR1CDAzMDYwvhUzYmUP gflDpGJbTGQdLKNLjjtmo4OvZKr8iDtyMVc6RZptnkqBewnXnqbiJUY6uYJNFm5M SSkGTet03L92BAF2NKvDlKJGwO4dlIF+76hrg9n2m6u6CUuNBwCw9Sle/b6S9uzN /xTyydwkJ5ToDBNZ+2DtO8bGMWLErx0iXx630jst/wkVTysx8/2OA9G/FTWtEJ5u KGjpLbzwpxRTADi4BnAgOknt8sGn+wXl98zB+qQtmBtfkrnGYmoDzQbA8R8kbCVU tcrKizuSAsCr3hPsKBJ9Fqr49SmeAYS7Gao/fo46OK8GdNBq6AeBYdf54VV94nid bXzh/YtyTyfeEUn6InWl2BYQ4thEhhWn1Rw0TBN6QPXeeulMKKKx5VLz8XZNRtoX zPpCLhONXz/G9NnHg/o0aynaEmXLnB8MapAYXaE3ow3nCbvJuJY= =I7sK -----END PGP SIGNATURE----- --===============1925449111430736411==--