Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


  • 1.  CVE-2018-25032 for zlib - version >=1.2.12 required

    Posted Wed March 30, 2022 09:10 AM
    Hi Opensource-Team,

    We got a security alert for zlib. An update of the package would be great, as some other companies like SUSE rated this CVE with high impact.

    CVE: CVE - CVE-2018-25032 (mitre.org)
    Affected versions: <1.2.12

    Suse: CVE-2018-25032 | SUSE

    Best regards


    ------------------------------
    Niklas
    System Engineer UNIX and Linux on Power
    ------------------------------

    #AIXOpenSource


  • 2.  RE: CVE-2018-25032 for zlib - version >=1.2.12 required

    Posted Wed March 30, 2022 09:56 AM
    Hi Niklas,

    Thank you for reporting the issue. As I read, this issue has been there since 2018 and a fix has been released recently.
    We will update zlib to 1.2.12.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 3.  RE: CVE-2018-25032 for zlib - version >=1.2.12 required

    Posted Mon April 25, 2022 06:37 AM
    > We will update zlib to 1.2.12.

    May I ask for a (however rough) timeframe? We need to put a remedy for CVE-2018-25032 into place and at the very minimum need to have an answer for "when will that happen". There is not really any alternative for zlib at all and we cannot afford to say "we will eventually update" indefinitely.

    ------------------------------
    Wolf Machowitsch
    ------------------------------



  • 4.  RE: CVE-2018-25032 for zlib - version >=1.2.12 required

    Posted Mon April 25, 2022 01:36 PM
    zlib 1.2.12 is already available on AIX toolbox.

    ------------------------------
    SANKET RATHI
    ------------------------------