[CLSA-2022:1660760405] Fix CVE(s): CVE-2022-37434

Type:

security

Severity:

Critical

Release date:

2022-08-17 18:20:05 UTC

Description:

   * SECURITY UPDATE: possible buffer overflow when getting a gzip header
     extra field with inflate()
     - debian/patches/CVE-2022-37434.patch: ensure that space the user
       provided with inflateGetHeader() is enough when multiple calls
       of inflate() delivers an extra header data.
     - CVE-2022-37434

Updated packages:

lib32z1_1.2.8.dfsg-2ubuntu4.3+tuxcare.els2_amd64.deb
sha:9ba28de970590c14f7d14e489af8a3b8eeed5fa0
lib32z1-dev_1.2.8.dfsg-2ubuntu4.3+tuxcare.els2_amd64.deb
sha:2d00b6c1383fc6fd535156681b241b9ed06db390
libx32z1_1.2.8.dfsg-2ubuntu4.3+tuxcare.els2_amd64.deb
sha:4369cbb9f0b0075686324af1b9b42b9e2099fe51
libx32z1-dev_1.2.8.dfsg-2ubuntu4.3+tuxcare.els2_amd64.deb
sha:eb31687a6e5666254272b8e4169d981ae19b1002
zlib1g_1.2.8.dfsg-2ubuntu4.3+tuxcare.els2_amd64.deb
sha:d31336540951508539260290fb35fc6942eb16d3
zlib1g-dev_1.2.8.dfsg-2ubuntu4.3+tuxcare.els2_amd64.deb
sha:8fdcd5a6aece2bf6fe8f23b5344974b3796bd973

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.