Test ID:	1.3.6.1.4.1.25623.1.0.893103
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-3103-1)
Summary:	The remote host is missing an update for the Debian 'zlib' package(s) announced via the DLA-3103-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'zlib' package(s) announced via the DLA-3103-1 advisory. Vulnerability Insight: Evgeny Legerov reported a heap-based buffer overflow vulnerability in the inflate operation in zlib, which could result in denial of service or potentially the execution of arbitrary code if specially crafted input is processed. For Debian 10 buster, this problem has been fixed in version 1:1.2.11.dfsg-1+deb10u2. We recommend that you upgrade your zlib packages. For the detailed security status of zlib please refer to its security tracker page at: [link moved to references] Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'zlib' package(s) on Debian 10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-37434 20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1 http://seclists.org/fulldisclosure/2022/Oct/37 20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 http://seclists.org/fulldisclosure/2022/Oct/38 20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 http://seclists.org/fulldisclosure/2022/Oct/41 20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 http://seclists.org/fulldisclosure/2022/Oct/42 DSA-5218 https://www.debian.org/security/2022/dsa-5218 FEDORA-2022-0b517a5397 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ FEDORA-2022-15da0cf165 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ FEDORA-2022-25e4dbedf9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ FEDORA-2022-3c28ae0cd8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ FEDORA-2022-b8232d1cca https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ [debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html [oss-security] 20220805 zlib buffer overflow http://www.openwall.com/lists/oss-security/2022/08/05/2 [oss-security] 20220808 Re: zlib buffer overflow http://www.openwall.com/lists/oss-security/2022/08/09/1 https://github.com/curl/curl/issues/9271 https://github.com/ivd38/zlib_overflow https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 https://security.netapp.com/advisory/ntap-20220901-0005/ https://support.apple.com/kb/HT213488 https://support.apple.com/kb/HT213489 https://support.apple.com/kb/HT213490 https://support.apple.com/kb/HT213491 https://support.apple.com/kb/HT213493 https://support.apple.com/kb/HT213494
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.