A security vulnerability has been found in the zlib compression library used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
The MiniZip component in zlib contains an integer overflow, and a resulting heap-based buffer overflow, triggered by a long filename, comment, or extra field. An attacker could use crafted input to execute arbitrary code. This vulnerability is tracked as CVE-2023-45853 and is rated critical.
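For software that passes filenames, comments, or extra fields to an archive writer, these lengths can be validated before they reach the library. The following C code is an added example, not IGEL or zlib code: the function names are hypothetical, and it assumes the ZIP format's 16-bit length fields and 46-byte fixed central directory header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The ZIP format stores these three lengths in 16-bit header fields. */
#define ZIP_LEN_FIELD_MAX 0xFFFFu
/* Fixed-size part of a central directory file header in the ZIP format. */
#define CENTRAL_HEADER_FIXED 46L

/* What an unchecked writer would put in the 16-bit field: the value is
 * silently reduced modulo 65536, so it no longer matches the byte count
 * that is actually copied. */
uint16_t truncated_length(size_t len)
{
    return (uint16_t)len;
}

/* Hypothetical pre-flight check: returns the central header size for an
 * entry, or -1 if any variable-length field cannot be represented. */
long central_header_size(size_t name_len, size_t extra_len, size_t comment_len)
{
    if (name_len > ZIP_LEN_FIELD_MAX ||
        extra_len > ZIP_LEN_FIELD_MAX ||
        comment_len > ZIP_LEN_FIELD_MAX)
        return -1;
    /* Each term is at most 65535, so the sum cannot wrap a long. */
    return CENTRAL_HEADER_FIXED + (long)name_len + (long)extra_len + (long)comment_len;
}

int main(void)
{
    /* Constructed sample lengths: name, extra field, comment. */
    size_t samples[][3] = { {8, 0, 0}, {65535, 65535, 65535}, {65546, 0, 0} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long size = central_header_size(samples[i][0], samples[i][1], samples[i][2]);
        if (size < 0)
            printf("reject: name length %zu would be stored as %u\n",
                   samples[i][0], (unsigned)truncated_length(samples[i][0]));
        else
            printf("accept: central header is %ld bytes\n", size);
    }
    return 0;
}
```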
Update Instructions
OS 12: Update to IGEL OS version 12.2.2 PR (Patch Release) 2 or 12.3.0 when available.
OS 11: Update to IGEL OS version 11.09.160 when available.