Greetings list,

I was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.

I reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release. As far as I know, nobody ever assigned it a CVE.

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

As far as I can tell, no distros have picked this up.

Tavis.

--
_o) $ lynx lock.cmpxchg8b.com
/\\ _o) _o) $ finger taviso
_\_V _( ) _( ) @taviso
Created zlib tracking bugs for this issue: Affects: fedora-all [bug 2068066]
*** Bug 2068073 has been marked as a duplicate of this bug. ***
Created mingw-zlib tracking bugs for this issue: Affects: fedora-all [bug 2068368]
Created rsync tracking bugs for this issue: Affects: fedora-all [bug 2068369]
Created BackupPC-XS tracking bugs for this issue:
Affects: epel-all [bug 2070867]
Affects: fedora-all [bug 2070868]
The issue wasn't publicly labelled as a security vulnerability until 2022, but the fix has been public since 2018.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1591 https://access.redhat.com/errata/RHSA-2022:1591
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1642 https://access.redhat.com/errata/RHSA-2022:1642
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1661 https://access.redhat.com/errata/RHSA-2022:1661
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:2197 https://access.redhat.com/errata/RHSA-2022:2197
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:2192 https://access.redhat.com/errata/RHSA-2022:2192
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:2214 https://access.redhat.com/errata/RHSA-2022:2214
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:2198 https://access.redhat.com/errata/RHSA-2022:2198
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:2201 https://access.redhat.com/errata/RHSA-2022:2201
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:2213 https://access.redhat.com/errata/RHSA-2022:2213
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:4584 https://access.redhat.com/errata/RHSA-2022:4584
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:4592 https://access.redhat.com/errata/RHSA-2022:4592
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:4845 https://access.redhat.com/errata/RHSA-2022:4845
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:5439 https://access.redhat.com/errata/RHSA-2022:5439
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-25032
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7813 https://access.redhat.com/errata/RHSA-2022:7813
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8420 https://access.redhat.com/errata/RHSA-2022:8420
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support; Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.7 Telco Extended Update Support. Via RHSA-2023:0943 https://access.redhat.com/errata/RHSA-2023:0943
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Via RHSA-2023:0975 https://access.redhat.com/errata/RHSA-2023:0975
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2023:0976 https://access.redhat.com/errata/RHSA-2023:0976