Test ID:	1.3.6.1.4.1.25623.1.1.2.2022.2125
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2022-2125)
Summary:	The remote host is missing an update for the Huawei EulerOS 'zlib' package(s) announced via the EulerOS-SA-2022-2125 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'zlib' package(s) announced via the EulerOS-SA-2022-2125 advisory. Vulnerability Insight: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application.(CVE-2018-25032) Affected Software/OS: 'zlib' package(s) on Huawei EulerOS Virtualization release 2.10.1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-25032 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://security.netapp.com/advisory/ntap-20220526-0009/ https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 https://support.apple.com/kb/HT213257 Debian Security Information: DSA-5111 (Google Search) https://www.debian.org/security/2022/dsa-5111 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ http://seclists.org/fulldisclosure/2022/May/38 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/33 https://security.gentoo.org/glsa/202210-42 https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/issues/605 https://www.openwall.com/lists/oss-security/2022/03/24/1 https://www.openwall.com/lists/oss-security/2022/03/28/1 https://www.openwall.com/lists/oss-security/2022/03/28/3 https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.