| Summary: | zlib new security issue CVE-2018-25032 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | zlib-1.2.11-11.mga9.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-03-24 14:30:58 CET
SRPM:
zlib-1.2.11-9.1.mga8.src.rpm

i586:
libminizip1-1.2.11-9.1.mga8.i586.rpm
libminizip-devel-1.2.11-9.1.mga8.i586.rpm
libzlib1-1.2.11-9.1.mga8.i586.rpm
libzlib-devel-1.2.11-9.1.mga8.i586.rpm
libzlib-static-devel-1.2.11-9.1.mga8.i586.rpm

x86_64:
lib64minizip1-1.2.11-9.1.mga8.x86_64.rpm
lib64minizip-devel-1.2.11-9.1.mga8.x86_64.rpm
lib64zlib1-1.2.11-9.1.mga8.x86_64.rpm
lib64zlib-devel-1.2.11-9.1.mga8.x86_64.rpm
lib64zlib-static-devel-1.2.11-9.1.mga8.x86_64.rpm

Version: Cauldron => 8

It now has a CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
David Walser
2022-03-25 20:51:46 CET
Summary: zlib new security issue fixed upstream => zlib new security issue CVE-2018-25032

MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Ref bug 19529 for tests, but I run into problems with qt-fsarchiver (it wants a qt-fsarchiver-terminal which I don't find), and with nmapfe that does not exist (anymore?) at all.

CC: (none) => herman.viaene

(In reply to Thomas Backlund from comment #2)
> It now has a CVE
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032

Reference:
https://www.openwall.com/lists/oss-security/2022/03/25/2

I think I'll rebase to recently released 1.2.12 to pick up the other bugfixes at the same time...

Keywords: (none) => feedback

Changelog for 1.2.12:
https://www.zlib.net/ChangeLog.txt

new rpms:

SRPM:
zlib-1.2.12-1.mga8.src.rpm

i586:
libminizip1-1.2.12-1.mga8.i586.rpm
libminizip-devel-1.2.12-1.mga8.i586.rpm
libzlib1-1.2.12-1.mga8.i586.rpm
libzlib-devel-1.2.12-1.mga8.i586.rpm
libzlib-static-devel-1.2.12-1.mga8.i586.rpm

x86_64:
lib64minizip1-1.2.12-1.mga8.x86_64.rpm
lib64minizip-devel-1.2.12-1.mga8.x86_64.rpm
lib64zlib1-1.2.12-1.mga8.x86_64.rpm
lib64zlib-devel-1.2.12-1.mga8.x86_64.rpm
lib64zlib-static-devel-1.2.12-1.mga8.x86_64.rpm

Keywords: feedback => (none)

(In reply to Herman Viaene from comment #3)
> MGA8-64 Plasma on Lenovo B50 in Dutch
> No installation issues.
> Ref bug 19529 for tests, but I run into problems with qt-fsarchiver (it
> wants a qt-fsarchiver-terminal which I don't find), and with nmapfe that
> does not exist (anymore?) at all.

The following 3 packages are going to be installed:

- lib64minizip1-1.2.12-1.mga8.x86_64
- lib64zlib-devel-1.2.12-1.mga8.x86_64
- lib64zlib1-1.2.12-1.mga8.x86_64

MGA8-64 Plasma in English.

No installation issues here, either. Looked over Bug 19529. Since fsarchiver is having issues, I decided to try something else: Handbrake.

$ strace -o zlib.txt ghb

Converted three videos from various container types to .mp4. Examined the resulting strace file, and found one reference to /lib64/libz.so.1.

Did another strace with Ark, where I extracted some screenshots from a tar.gz file, and there I again found a single reference to libz.so.1.

Looks OK to me. Validating.

Whiteboard: (none) => MGA8-64-OK
Dave Hodgins
2022-03-31 20:47:47 CEST
CC: (none) => davidwhodgins

Ubuntu has issued an advisory for this on March 30:
https://ubuntu.com/security/notices/USN-5355-1

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0124.html

Resolution: (none) => FIXED