Updated zlib packages fix a security vulnerability
Publication date: 09 Nov 2023Modification date: 09 Nov 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-45853
Description
The updated packages fix a security vulnerability:
MiniZip in zlib through 1.3 has an integer overflow and resultant
heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long
filename, comment, or extra field. (CVE-2023-45853)
References
SRPMS
8/core
- zlib-1.2.12-1.4.mga8
9/core
- zlib-1.2.13-1.1.mga9