Description
Security update for zlib
This update for zlib fixes the following issues:
- CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
- CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64. (bsc#1216378)
Package list
openSUSE Leap 16.0
libminizip1-1.2.13-160000.3.1
libminizip1-x86-64-v3-1.2.13-160000.3.1
libz1-1.2.13-160000.3.1
libz1-x86-64-v3-1.2.13-160000.3.1
minizip-devel-1.2.13-160000.3.1
zlib-devel-1.2.13-160000.3.1
zlib-devel-static-1.2.13-160000.3.1
zlib-testsuite-1.2.13-160000.3.1
References
- SUSE Security Ratings
- SUSE Bug 1216378
- SUSE Bug 1258392
- SUSE CVE CVE-2023-45853 page
- SUSE CVE CVE-2026-27171 page
Description
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Affected products
openSUSE Leap 16.0:libminizip1-1.2.13-160000.3.1
openSUSE Leap 16.0:libminizip1-x86-64-v3-1.2.13-160000.3.1
openSUSE Leap 16.0:libz1-1.2.13-160000.3.1
openSUSE Leap 16.0:libz1-x86-64-v3-1.2.13-160000.3.1
References
- CVE-2023-45853
- SUSE Bug 1216378
Description
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Affected products
openSUSE Leap 16.0:libminizip1-1.2.13-160000.3.1
openSUSE Leap 16.0:libminizip1-x86-64-v3-1.2.13-160000.3.1
openSUSE Leap 16.0:libz1-1.2.13-160000.3.1
openSUSE Leap 16.0:libz1-x86-64-v3-1.2.13-160000.3.1
References
- CVE-2026-27171
- SUSE Bug 1258392