|
|
Log in / Subscribe / Register

Mageia alert MGASA-2026-0076 (zlib)



From:
              Mageia Updates <updates-announce@ml.mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2026-0076: Updated zlib packages fix security vulnerability


Date:
              Wed, 01 Apr 2026 01:06:32 +0200


Message-ID:
              <20260331230632.A810B9FB27@duvel.mageia.org>


Archive-link:
              Article


MGASA-2026-0076 - Updated zlib packages fix security vulnerability

Publication date: 31 Mar 2026
URL: https://advisories.mageia.org/MGASA-2026-0076.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-27171

Description:
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and
crc32_combine_gen64 because x2nmodp can do right shifts within a loop
that has no termination condition. (CVE-2026-27171)

References:
- https://bugs.mageia.org/show_bug.cgi?id=35291
- https://bugzilla.redhat.com/show_bug.cgi?id=2440530
- https://ubuntu.com/security/CVE-2026-27171
- https://security-tracker.debian.org/tracker/CVE-2026-27171
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2...

SRPMS:
- 9/core/zlib-1.2.13-1.4.mga9
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds