Ubuntu Security Notice 5355-2 - USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
bd7bd9de57a4bed18909c272ff1654178c42449228d7c6020d29b7ecf83a4081
==========================================================================
Ubuntu Security Notice USN-5355-2
March 30, 2022
zlib vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
zlib could be made to crash or run programs if it received specially
crafted input.
Software Description:
- zlib: compression library - 32 bit runtime
Details:
USN-5355-1 fixed a vulnerability in zlib. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Danilo Ramos discovered that zlib incorrectly handled memory when
performing certain deflating operations. An attacker could use this issue
to cause zlib to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
lib32z1 1:1.2.8.dfsg-2ubuntu4.3+esm1
lib64z1 1:1.2.8.dfsg-2ubuntu4.3+esm1
libx32z1 1:1.2.8.dfsg-2ubuntu4.3+esm1
zlib1g 1:1.2.8.dfsg-2ubuntu4.3+esm1
Ubuntu 14.04 ESM:
lib32z1 1:1.2.8.dfsg-1ubuntu1.1+esm1
lib64z1 1:1.2.8.dfsg-1ubuntu1.1+esm1
libx32z1 1:1.2.8.dfsg-1ubuntu1.1+esm1
zlib1g 1:1.2.8.dfsg-1ubuntu1.1+esm1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5355-1
CVE-2018-25032