SUSE: CVE-2022-37434: SUSE Linux Security Advisory
4
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
08/05/2022
10/26/2022
10/26/2022
11/14/2023
Description
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Solution(s)
- suse-upgrade-libminizip1
- suse-upgrade-libminizip1-32bit
- suse-upgrade-libqt5-qtbase-common-devel
- suse-upgrade-libqt5-qtbase-devel
- suse-upgrade-libqt5-qtbase-platformtheme-gtk3
- suse-upgrade-libqt5-qtbase-private-headers-devel
- suse-upgrade-libqt5concurrent-devel
- suse-upgrade-libqt5concurrent5
- suse-upgrade-libqt5core-devel
- suse-upgrade-libqt5core-private-headers-devel
- suse-upgrade-libqt5core5
- suse-upgrade-libqt5dbus-devel
- suse-upgrade-libqt5dbus-private-headers-devel
- suse-upgrade-libqt5dbus5
- suse-upgrade-libqt5gui-devel
- suse-upgrade-libqt5gui-private-headers-devel
- suse-upgrade-libqt5gui5
- suse-upgrade-libqt5kmssupport-devel-static
- suse-upgrade-libqt5kmssupport-private-headers-devel
- suse-upgrade-libqt5network-devel
- suse-upgrade-libqt5network-private-headers-devel
- suse-upgrade-libqt5network5
- suse-upgrade-libqt5opengl-devel
- suse-upgrade-libqt5opengl-private-headers-devel
- suse-upgrade-libqt5opengl5
- suse-upgrade-libqt5openglextensions-devel-static
- suse-upgrade-libqt5platformheaders-devel
- suse-upgrade-libqt5platformsupport-devel-static
- suse-upgrade-libqt5platformsupport-private-headers-devel
- suse-upgrade-libqt5printsupport-devel
- suse-upgrade-libqt5printsupport-private-headers-devel
- suse-upgrade-libqt5printsupport5
- suse-upgrade-libqt5sql-devel
- suse-upgrade-libqt5sql-private-headers-devel
- suse-upgrade-libqt5sql5
- suse-upgrade-libqt5sql5-mysql
- suse-upgrade-libqt5sql5-postgresql
- suse-upgrade-libqt5sql5-sqlite
- suse-upgrade-libqt5sql5-unixodbc
- suse-upgrade-libqt5test-devel
- suse-upgrade-libqt5test-private-headers-devel
- suse-upgrade-libqt5test5
- suse-upgrade-libqt5widgets-devel
- suse-upgrade-libqt5widgets-private-headers-devel
- suse-upgrade-libqt5widgets5
- suse-upgrade-libqt5xml-devel
- suse-upgrade-libqt5xml5
- suse-upgrade-libvlc5
- suse-upgrade-libvlccore9
- suse-upgrade-libz1
- suse-upgrade-libz1-32bit
- suse-upgrade-minizip-devel
- suse-upgrade-vlc
- suse-upgrade-vlc-codec-gstreamer
- suse-upgrade-vlc-devel
- suse-upgrade-vlc-jack
- suse-upgrade-vlc-lang
- suse-upgrade-vlc-nox
- suse-upgrade-vlc-opencv
- suse-upgrade-vlc-qt
- suse-upgrade-vlc-vdpau
- suse-upgrade-zlib-devel
- suse-upgrade-zlib-devel-32bit
- suse-upgrade-zlib-devel-static
- suse-upgrade-zlib-devel-static-32bit
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center