C Driver / CDRIVER-4624

Update zlib to 1.2.13+

Details

    • Improvement
    • Resolution: Fixed
    • Unknown
    • 1.24.0
    • 1.22.1
    • None
    • None

    Description

      The bundled version zlib 1.2.12 is outdated and is affected by a known vulnerability, CVE-2018-25032:

      https://nvd.nist.gov/vuln/detail/CVE-2018-25032

      The changelog of the recently released zlib 1.2.13 recommends updating.
      Quote from https://zlib.net/:

      Version 1.2.13 has these key updates from 1.2.12:

      • Fix a bug when getting a gzip header extra field with inflateGetHeader(). This remedies CVE-2022-37434.
      • Fix a bug in block type selection when Z_FIXED used. Now the smallest block type is selected, for better compression.
      • Fix a configure issue that discarded the provided CC definition.
      • Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java.
      • Repair prototypes and exporting of the new CRC functions.
      • Fix inflateBack to detect invalid input with distances too far.

      Due to the first bug fix, any installations of 1.2.12 or earlier should be replaced with 1.2.13.

          People

            kevin.albertson@mongodb.com Kevin Albertson
            john.becker John Becker