... installed a new version of zlib1g:amd64 (1:1.2.11.dfsg-2+deb11u1) from Chimaera-security this morning.
Thanks for the update on this.
Last night I updated my netbook and main box running Beowulf backported and saw the upgrade come in.
The following packages will be upgraded:
rsyslog zlib1g zlib1g:i386 zlib1g-dev
Seems all is well and right on time as usual with Linux Devuan. 8^D
Best,
A.
https://security-tracker.debian.org/tra … ckage/zlib says this is the patched version and says it is no longer vulnerable. Both Buster and Bullseye have now been patched.
... fixed in Debian for Bookworm and Sid ...
... Stretch, Buster and Bullseye have yet to be fixed.
... expect it will be fixed shortly ...
... stable and older remain vulnerable ...
Thanks for the information.
I guess we can wait a bit more, it's been out there forever. ;^)
Best,
A.
This article came up yesterday at ElReg:
Zlib crash-an-app bug finally squashed, 17 years later.
https://www.theregister.com/2022/03/30/ … /?td=rt-4a
It is about a long-standing bug in the zlib data-compression library.
Having been reported in 2018, it was never looked at or fixed.
Until now.
https://www.openwall.com/lists/oss-secu … 22/03/24/1
A patch is available on GitHub, and security analysts recommend updating to Zlib version 1.2.12. Linux distros Ubuntu and Alpine, to name two, have also implemented the fix in their latest releases.
Don't know how problematic this can be for the everyday Devuan user.
It has been out there forever ...
Best,
A.