[Oraclevm-errata] OVMSA-2023-0011 Important: Oracle VM 3 Extended Lifecycle Support (ELS) zlib security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Aug 17 14:15:05 UTC 2023
Oracle VM Security Advisory OVMSA-2023-0011

The following updated rpms for Oracle VM 3 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
zlib-1.2.3-29.0.1.el6.x86_64.rpm

Related CVEs:
CVE-2018-25032

Description of changes:

[1.2.3-29.0.1]
- Fix a bug that can crash deflate when using Z_FIXED [CVE-2018-25032][Orabug: 34161396]
[1.2.3-29]
- related: #754694
updated zlib.map file to not hide (local) ABI symbols
[1.2.3-28]
- resolves: #823007
optimized deflate function on s390(x)
- resolves: #754694
added zlib.map file to provide better version information
[1.2.3-27]
- Resolves: #727288
recompiled with -Wl,-z,relro flags
[1.2.3-26]
- Resolves: #622781
zlib has fence-post error in adler32_combine
[1.2.3-25]
- Resolves: #597954
add zlib .pc file
[1.2.3-24]
- Resolves: #543948
add Boost license
[1.2.3-23.1]
- Rebuilt for RHEL 6
[1.2.3-23]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
[1.2.3-22]
- fix the libz.so symlink
[1.2.3-21]
- consolidate the autoconfiscation patches into one and clean it up
- consequently, clean up the %build and %install sections
- zconf.h includes unistd.h again (#479133)
[1.2.3-20]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
[1.2.3-19]
- fix 473490 - unchecked malloc
[1.2.3-18]
- change license tag (226671#c29)
[1.2.3-17]
- spec file changes
[1.2.3-16]
- remove minizip headers to minizip-devel
- spec file cleanup
- fix minizip.pc file
[1.2.3-15]
- separate static subpackage
[1.2.3-14]
- create minizip subpackage
[1.2.3-13]
- remove .so,.a
[1.2.3-12]
- Resolves #240277
Move libz to /lib(64)
[1.2.3-11]
- Resolves: 237295
fix Summary tag
[1.2.3-10]
- remove zlib .so.* packages to /lib
[1.2.3-9]
- incorporate package review feedback
[1.2.3-8]
- fixed broken version of libz
[1.2.3-7]
- building is now automatized
- specfile cleanup
[1.2.3-6]
- remove the compilation part to build section
some minor changes
[1.2.3-5]
- incorporate package review feedback
[1.2.3-4]
- fix #209424 - fix libz.a permissions
[1.2.3-3]
- add cflags (#199379)
[1.2.3-2]
- rebuild
[1.2.3-1.2.1]
- bump again for double-long bug on ppc(64)
[1.2.3-1.2]
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
* Wed Aug 24 2005 Florian La Roche <laroche at redhat.com>
- update to 1.2.3
[1.2.2.2-5]
- fix bug 163038 - CAN-2005-1849 - zlib buffer overflow
[1.2.2.2-4]
- fix bug 162392 - CAN-2005-2096
[1.2.2.2-3]
- fix bug 122408 - zlib build process runs configure twice
[1.2.2.2-2]
- rebuild with gcc4.
[1.2.2.2-1]
- upgrade to 1.2.2.2.
[1.2.2.1-1]
- upgrade to 1.2.2.1.
[1.2.1.2-1]
- update to 1.2.1.2 to fix 2 DoS problems (#131385).
* Tue Jun 15 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
* Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
[1.2.1.1-1]
- upgrade to zlib-1.2.1.1.
* Sun Nov 30 2003 Florian La Roche <Florian.LaRoche at redhat.de>
- update to 1.2.1 release
[1.2.0.7-3]
- unrevert zlib.h include constants (#106291), rejected upstream.
[1.2.0.7-2]
- fix: gzeof not set when reading compressed file (#106424).
- fix: revert zlib.h include constants for now (#106291).
[1.2.0.7-1]
- update to 1.2.0.7, penultimate 1.2.1 release candidate.
[1.2.0.3-0.1]
- update to release candidate.
* Wed Jun 04 2003 Elliot Lee <sopwith at redhat.com>
- rebuilt
[1.1.4-9]
- rebuild, revert from 1.2.0.1.
[1.1.4-8]
- fix gzprintf buffer overrun (#84961).
[1.1.4-7]
- rebuilt
[1.1.4-6]
- Make ./configure use $CC to ease cross-compilation
[1.1.4-5]
- rebuild from cvs.
* Fri Jun 21 2002 Tim Powers <timp at redhat.com>
- automated rebuild
* Thu May 23 2002 Tim Powers <timp at redhat.com>
- automated rebuild
[1.1.4-2]
- remove glibc patch, it is no longer needed (zlib uses gcc -shared
as it should)
- run tests and only build the package if they succeed
[1.1.4-1]
- 1.1.4
[1.1.3-25.7]
- Fix double free
[1.1.3-24]
- Add example.c and minigzip.c to the doc files, as
they are listed as examples in the README (#52574)
* Mon Jun 18 2001 Trond Eivind Glomsrød <teg at redhat.com>
- Updated URL
- Add version dependency for zlib-devel
- s/Copyright/License/
* Wed Feb 14 2001 Trond Eivind Glomsrød <teg at redhat.com>
- bumped version number - this is the old version without the performance enhancements
* Fri Sep 15 2000 Florian La Roche <Florian.LaRoche at redhat.de>
- add -fPIC for shared libs (patch by Fritz Elfert)
* Thu Sep 07 2000 Jeff Johnson <jbj at redhat.com>
- on 64bit systems, make sure libraries are located correctly.
* Thu Aug 17 2000 Jeff Johnson <jbj at redhat.com>
- summaries from specspo.
* Thu Jul 13 2000 Prospector <bugzilla at redhat.com>
- automatic rebuild
* Sun Jul 02 2000 Trond Eivind Glomsrød <teg at redhat.com>
- rebuild
* Tue Jun 13 2000 Jeff Johnson <jbj at redhat.com>
- FHS packaging to build on solaris2.5.1.
* Wed Jun 07 2000 Trond Eivind Glomsrød <teg at redhat.com>
- use %{_mandir} and %{_tmppath}
* Fri May 12 2000 Trond Eivind Glomsrød <teg at redhat.com>
- updated URL and source location
- moved README to main package
* Mon Feb 07 2000 Jeff Johnson <jbj at redhat.com>
- compress man page.
* Sun Mar 21 1999 Cristian Gafton <gafton at redhat.com>
- auto rebuild in the new build environment (release 5)
* Wed Sep 09 1998 Cristian Gafton <gafton at redhat.com>
- link against glibc
* Mon Jul 27 1998 Jeff Johnson <jbj at redhat.com>
- upgrade to 1.1.3
* Fri May 08 1998 Prospector System <bugs at redhat.com>
- translations modified for de, fr, tr
* Wed Apr 08 1998 Cristian Gafton <gafton at redhat.com>
- upgraded to 1.1.2
- buildroot
* Tue Oct 07 1997 Donnie Barnes <djb at redhat.com>
- added URL tag (down at the moment so it may not be correct)
- made zlib-devel require zlib
* Thu Jun 19 1997 Erik Troan <ewt at redhat.com>
- built against glibc