Lucene search

Gentoo FoundationMGASA-2023-0312

HistoryNov 09, 2023 - 3:55 p.m.

Updated zlib packages fix a security vulnerability

2023-11-0915:55:51

Gentoo Foundation

advisories.mageia.org

zlib

security vulnerability

integer overflow

minizip

heap-based buffer overflow

zipopennewfileinzip4_64

long filename

comment

extra field

cve-2023-45853

unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.8%

JSON

The updated packages fix a security vulnerability: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. (CVE-2023-45853)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchzlib< 1.2.12-1.4zlib-1.2.12-1.4.mga8
Mageia9noarchzlib< 1.2.13-1.1zlib-1.2.13-1.1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	zlib	< 1.2.12-1.4	zlib-1.2.12-1.4.mga8
Mageia	9	noarch	zlib	< 1.2.13-1.1	zlib-1.2.13-1.1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32426

www.openwall.com/lists/oss-security/2023/10/20/9

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.8%

JSON

Related for MGASA-2023-0312