Advisory ROSA-SA-2025-2721

Software: zlib 1.2.11 OS: ROSA Virtualization 3.0 packageevrstring: zlib-1.2.11 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of...

Updated zlib packages fix a security vulnerability

Updated zlib packages fix a security vulnerability: Directory traversal vulnerability in the doextractcurrentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...

Medium: rsync

Issue Overview: A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader. CVE-2022-37434 Affected Packages: rsync Note: This advisory is...

Important: zlib

Issue Overview: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated...