UbuntuUpdates.org

Package "zlib"

Name: zlib

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • compression library - 32 bit runtime
  • compression library - 32 bit - DO NOT USE EXCEPT FOR PACKAGING
  • compression library - x32 runtime
  • compression library - x32 - DO NOT USE EXCEPT FOR PACKAGING

Latest version: 1:1.2.11.dfsg-2ubuntu1.5
Release: focal (20.04)
Level: updates
Repository: main


Other versions of "zlib" in Focal

Repository  Area  Version
base        main  1:1.2.11.dfsg-2ubuntu1
security    main  1:1.2.11.dfsg-2ubuntu1.5

Changelog

Version: 1:1.2.11.dfsg-2ubuntu1.5 2022-10-17 21:06:36 UTC

  zlib (1:1.2.11.dfsg-2ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read (LP: #1988548)
    - debian/patches/CVE-2022-37434-1.patch: in inflate.c, add an extra
      condition to check if state->head->extra_max is greater than len
      before copying, and move the len assignment to be placed before the
      check.
    - debian/patches/CVE-2022-37434-2.patch: in the previous patch, in
      inflate.c, the place of the len assignment was causing issues so it
      was moved to be placed within the check.
    - CVE-2022-37434

 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 14 Oct 2022 17:22:43 -0300

1988548 Missing fix for CVE-2022-37434 in zlib1g in focal and jammy
CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only appl

Version: 1:1.2.11.dfsg-2ubuntu1.4 2022-10-05 06:06:28 UTC

  zlib (1:1.2.11.dfsg-2ubuntu1.4) focal; urgency=medium

  * d/p/410-lp1961427.patch ported from zlib #410, fixing
    compressBound() with hw acceleration. LP: #1961427
    Thanks to Ilya Leoshkevich <email address hidden>.
    In addition a patch is needed in htslib.

 -- Frank Heimes <email address hidden> Thu, 21 Jul 2022 10:30:05 +0100

Version: 1:1.2.11.dfsg-2ubuntu1.3 2022-03-30 16:06:22 UTC

  zlib (1:1.2.11.dfsg-2ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: memory corruption when deflating
    - debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
      deflate on some input when using Z_FIXED in deflate.c, deflate.h.
    - debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
      for deflatePrime() is valid in deflate.c.
    - CVE-2018-25032

 -- Marc Deslauriers <email address hidden> Sat, 26 Mar 2022 14:20:54 -0400

CVE-2018-25032 zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Version: 1:1.2.11.dfsg-2ubuntu1.2 2020-11-05 12:06:21 UTC

  zlib (1:1.2.11.dfsg-2ubuntu1.2) focal; urgency=medium

  * Cherrypick update of s390x hw acceleration #410 pull request patch,
    which corrects inflateSyncPoint() return value to always gracefully
    fail when hw acceleration is in use. This fixes rsync failure with
    zlib compression on hw accelerated s390x. LP: #1899621

 -- Dimitri John Ledkov <email address hidden> Thu, 15 Oct 2020 11:10:29 +0100

1899621 [Ubuntu 20.04] zlib: inflateSyncPoint() returns an incorrect result on z15

Version: 1:1.2.11.dfsg-2ubuntu1.1 2020-10-05 10:07:03 UTC

  zlib (1:1.2.11.dfsg-2ubuntu1.1) focal; urgency=medium

  * Update d/patches/410.patch to current state to fix issues with hardware
    accelerated zlib on new s390x machines. LP: #1893170

 -- Michael Hudson-Doyle <email address hidden> Thu, 20 Aug 2020 11:52:59 +1200

1893170 [Ubuntu 20.10] zlib: DFLTCC compression level switching issues


