SUSE-SU-2023:4217-1

Опубликовано: 26 окт. 2023

Источник: suse-cvrf

Описание

Security update for zlib

This update for zlib fixes the following issues:

CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

Список пакетов

Container bci/bci-init:15.4

libz1-1.2.11-150000.3.48.1

Container bci/bci-minimal:15.4

libz1-1.2.11-150000.3.48.1

Container bci/node:16

libz1-1.2.11-150000.3.48.1

Container bci/python:3

libz1-1.2.11-150000.3.48.1

Container caasp/v4/cilium-operator:1.6.6

libz1-1.2.11-150000.3.48.1

Container caasp/v4/cilium:1.6.6

libz1-1.2.11-150000.3.48.1

Container rancher/elemental-teal-rt/5.4:latest

libz1-1.2.11-150000.3.48.1

Container rancher/elemental-teal/5.4:latest

libz1-1.2.11-150000.3.48.1

Container suse/ltss/sle15.3/bci-base-fips:latest

libz1-1.2.11-150000.3.48.1

Container suse/ltss/sle15.3/bci-base:latest

libz1-1.2.11-150000.3.48.1

Container suse/ltss/sle15.4/bci-base-fips:latest

libz1-1.2.11-150000.3.48.1

Container suse/ltss/sle15.4/bci-base:latest

libz1-1.2.11-150000.3.48.1

Container suse/manager/4.3/proxy-httpd:latest

libz1-1.2.11-150000.3.48.1

Container suse/manager/4.3/proxy-salt-broker:latest

libz1-1.2.11-150000.3.48.1

Container suse/manager/4.3/proxy-squid:latest

libz1-1.2.11-150000.3.48.1

Container suse/manager/4.3/proxy-ssh:latest

libz1-1.2.11-150000.3.48.1

Container suse/manager/4.3/proxy-tftpd:latest

libz1-1.2.11-150000.3.48.1

Container suse/pcp:5

libz1-1.2.11-150000.3.48.1

Container suse/postgres:14

libz1-1.2.11-150000.3.48.1

Container suse/sle-micro-rancher/5.2:latest

libz1-1.2.11-150000.3.48.1

Container suse/sle-micro-rancher/5.3:latest

libz1-1.2.11-150000.3.48.1

Container suse/sle-micro-rancher/5.4:latest

libz1-1.2.11-150000.3.48.1

Container suse/sle-micro/5.1/toolbox:latest

libz1-1.2.11-150000.3.48.1

Container suse/sle-micro/5.2/toolbox:latest

libz1-1.2.11-150000.3.48.1

Container suse/sle-micro/5.3/toolbox:latest

libz1-1.2.11-150000.3.48.1

Container suse/sle-micro/5.4/toolbox:latest

libz1-1.2.11-150000.3.48.1

Container suse/sle15:15.1

libz1-1.2.11-150000.3.48.1

Container suse/sle15:15.2

libz1-1.2.11-150000.3.48.1

Container suse/sle15:15.3

libz1-1.2.11-150000.3.48.1

Container suse/sle15:15.4

libz1-1.2.11-150000.3.48.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP2-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP2-HPC-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libz1-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-EC2-HVM

libz1-1.2.11-150000.3.48.1

Image SLES15-SP2-SAP-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-BYOS-EC2-HVM

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-CHOST-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-CHOST-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-CHOST-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-HPC-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-HPC-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP3-SAP-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-SAP-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP3-SAPCAL-Azure

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP3-SAPCAL-GCE

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-CHOST-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-CHOST-BYOS-Aliyun

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-CHOST-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-CHOST-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-CHOST-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-CHOST-BYOS-SAP-CCloud

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-HPC-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-HPC-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-HPC-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-HPC-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-HPC-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-HPC-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Hardened-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Hardened-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Hardened-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Hardened-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-3

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-3-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-3-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-3-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-3-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-3-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-4

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-4-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-4-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-4-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-4-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-4-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-Micro-5-4-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Azure

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-EC2

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-GCE

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Hardened

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Hardened-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Hardened-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAP-Hardened-GCE

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SAPCAL

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAPCAL-Azure

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAPCAL-EC2

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SAPCAL-GCE

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

libz1-1.2.11-150000.3.48.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

libz1-1.2.11-150000.3.48.1

SUSE Linux Enterprise Micro 5.1

libz1-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

SUSE Linux Enterprise Micro 5.2

libz1-1.2.11-150000.3.48.1

SUSE Linux Enterprise Micro 5.3

libz1-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

SUSE Linux Enterprise Micro 5.4

libz1-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libminizip1-1.2.11-150000.3.48.1

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

minizip-devel-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

zlib-devel-static-1.2.11-150000.3.48.1

SUSE Linux Enterprise Module for Development Tools 15 SP4

zlib-devel-32bit-1.2.11-150000.3.48.1

SUSE Manager Proxy 4.2

libminizip1-1.2.11-150000.3.48.1

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

minizip-devel-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

zlib-devel-static-1.2.11-150000.3.48.1

SUSE Manager Server 4.2

libminizip1-1.2.11-150000.3.48.1

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

minizip-devel-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

zlib-devel-static-1.2.11-150000.3.48.1

openSUSE Leap 15.4

libminizip1-1.2.11-150000.3.48.1

libminizip1-32bit-1.2.11-150000.3.48.1

libz1-1.2.11-150000.3.48.1

libz1-32bit-1.2.11-150000.3.48.1

minizip-devel-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

zlib-devel-32bit-1.2.11-150000.3.48.1

zlib-devel-static-1.2.11-150000.3.48.1

zlib-devel-static-32bit-1.2.11-150000.3.48.1

openSUSE Leap Micro 5.3

libz1-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

openSUSE Leap Micro 5.4

libz1-1.2.11-150000.3.48.1

zlib-devel-1.2.11-150000.3.48.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234217-1/
Link for SUSE-SU-2023:4217-1
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016850.html
E-Mail link for SUSE-SU-2023:4217-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216378
SUSE Bug 1216378
https://www.suse.com/security/cve/CVE-2023-45853/
SUSE CVE CVE-2023-45853 page

Описание

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Затронутые продукты

Container bci/bci-init:15.4:libz1-1.2.11-150000.3.48.1

Container bci/bci-minimal:15.4:libz1-1.2.11-150000.3.48.1

Container bci/node:16:libz1-1.2.11-150000.3.48.1

Container bci/python:3:libz1-1.2.11-150000.3.48.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-45853.html
CVE-2023-45853
https://bugzilla.suse.com/1216378
SUSE Bug 1216378