ISN 2022-09: Zlib Vulnerability
Updated 29th April 2022 (IGEL OS 11.07.110 available)
First published 8th April 2022
CVSS 3.1 Base Score: 8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
A vulnerability has been found in the Zlib compression library. This affects the following IGEL products:
- IGEL OS 11
- IGEL OS 10
Details
When compressing specially crafted input, Zlib can run into an error that causes memory corruption, which could crash applications and could potentially lead to code execution. This issue has been registered as CVE-2018-25032 and is rated as high.
Update instructions
- IGEL OS 11: Update to IGEL OS 11.07.110 or newer.
- IGEL OS 10: Upgrade to IGEL OS 11.07.110 or newer.
References
CVE-2018-25032: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032