Advisories » MGASA-2026-0076

Updated zlib packages fix security vulnerability

Publication date: 31 Mar 2026
Modification date: 31 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27171

Description

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and
crc32_combine_gen64 because x2nmodp can do right shifts within a loop
that has no termination condition. (CVE-2026-27171)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35291
• https://bugzilla.redhat.com/show_bug.cgi?id=2440530
• https://ubuntu.com/security/CVE-2026-27171
• https://security-tracker.debian.org/tracker/CVE-2026-27171
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171

SRPMS

9/core

• zlib-1.2.13-1.4.mga9