|
|
Log in / Subscribe / Register

Debian alert DLA-2993-1 (libz-mingw-w64)



From:
              Andreas Rönnquist <gusnan@librem.one>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 2993-1] libz-mingw-w64 security update


Date:
              Sat, 07 May 2022 15:28:50 +0200


Message-ID:
              <20220507152850.208ced6d@debian-i7>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --------------------------------------------------------------------------
Debian LTS Advisory DLA-2993-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Andreas Rönnquist
May 04, 2022                                  https://wiki.debian.org/LTS
- --------------------------------------------------------------------------

Package        : libz-mingw-w64
Version        : 1.2.11+dfsg-1+deb9u1
CVE ID         : CVE-2018-25032

One security issue has been found in a compression library
libz-mingw-w64.

Danilo Ramos discovered that incorrect memory handling in
libz-mingw-w64's deflate handling could result in denial of service or
potentially the execution of arbitrary code if specially crafted input
is processed.

For Debian 9 stretch, this problem has been fixed in version
1.2.11+dfsg-1+deb9u1.

We recommend that you upgrade your libz-mingw-w64 packages.

For the detailed security status of libz-mingw-w64 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libz-mingw-w64

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE2zBuSxD/2Y7021XXGUtjGrLaKIgFAmJ2c98ACgkQGUtjGrLa
KIiSgw//aaCWtSCdQLNbZXBxrMft2MX3dg7kugrO8bPWx/wWNiixZyUz52vhzBX2
i0GI2u+cMmwVnHrpAkWtubgzVuhC6fyK70LwheioK7uRtpvDtQXm/0gfq+layRKb
hdJj/F3A5F5nsZEv811GWCN1KWCRWbC3b69kjoX3RzTdWvkvkquXRxeREoEF769v
Qbi0v7ZwiFmIv2u1V9USLKGhBB5kso+itH2oEEef17pb5imSAjdY0OWJSAEFUmiV
lW/cmW8k5FKTvquxK7rYX/mkV66Vb4FLQ9R9tDdoTjNDA0W/EGG5MUPTmdzhyaB+
Ocsg5UnL3GNNsZK4/iFdhPuXHNMQsBa/Qm8XBYqN4fr1YsvP5qFlb+5QMry0aQsn
o8yByssa5I+UWMr6SMMbQFntZEOKoWiCEaAKyzkVald8BOZbwtc8+xJ4dOmq5ATJ
GODWM3bOmLjbqlJgnXjSULE4Nptc+aELg09VTj9Te38XLWqIL+VmhmID7Jl52NqP
lzawM3ESwc11VnR6wCA18X/jA+rbrUAOj6Qxq+lqp5M8WiQJ/NqZNRFgEt3J6p3B
3xH83TEzSkKpoQY2fUOxcr5rwLUPSovG96Eh+u3C1lUvwOrF3kyxrf1YqXgiHDoN
Q2XfLkYYYSsX7qQQIHvIE6sUgBTmP5F+KKiMqRIcZR5bT2Gib5s=
=ZGiv
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds