Hello:
This article came up yesterday at ElReg:
Zlib crash-an-app bug finally squashed, 17 years later.
https://www.theregister.com/2022/03/30/ … /?td=rt-4a
It is about a long-standing bug in the zlib data-compression library.
Having been reported in 2018, it was never looked at or fixed.
Until now.
https://www.openwall.com/lists/oss-secu … 22/03/24/1
A patch is available on Github, and security analysts recommend updating to Zlib version 1.2.12. Linux distros Ubuntu and Alpine, to name two, have also implemented the fix in their latest releases.
Don't know how problematic this can be for the everyday Devuan user.
It has been out there forever ...
Best,
A.
It has been fixed in Debian for Bookworm and Sid (in zlib 1:1.2.11.dfsg-4).
Stretch, Buster and Bullseye have yet to be fixed.
https://security-tracker.debian.org/tra … ckage/zlib
I expect it will be fixed shortly in the remaining versions and all pulled into the Devuan repositories shortly thereafter.
For now stable and older remain vulnerable and can't yet be updated.
Hello:
... fixed in Debian for Bookworm and Sid ...
... Stretch, Buster and Bullseye have yet to be fixed.
... expect it will be fixed shortly ...
... stable and older remain vulnerable ...
Thanks for the information.
I guess we can wait a bit more, it's been out there forever. ;^)
Best,
A.
My unattended-upgrades installed a new version of zlib1g:amd64 (1:1.2.11.dfsg-2+deb11u1) from Chimaera-security this morning. This is the zlib runtime.
https://security-tracker.debian.org/tra … ckage/zlib says this is the patched version and says it is no longer vulnerable. Both Buster and Bullseye have now been patched.
Last edited by Marjorie (2022-04-02 06:45:41)
Hello:
... installed a new version of zlib1g:amd64 (1:1.2.11.dfsg-2+deb11u1) from Chimaera-security this morning.
Thanks for the update on this.
Last night I updated my netbook and main box running Beowulf backported and saw the upgrade come in.
The following packages will be upgraded:
rsyslog zlib1g zlib1g:i386 zlib1g-dev
Seems all is well and right on time as usual with Linux Devuan. 8^D
Best,
A.