PublicDateAtUSN: 2022-03-25 09:15:00 UTC
Candidate: CVE-2018-25032
PublicDate: 2022-03-25 09:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
 https://www.openwall.com/lists/oss-security/2022/03/24/1
 https://ubuntu.com/security/notices/USN-5355-1
 https://ubuntu.com/security/notices/USN-5355-2
 https://ubuntu.com/security/notices/USN-5359-1
Description:
 zlib before 1.2.12 allows memory corruption when deflating (i.e., when
 compressing) if the input has many distant matches.
Ubuntu-Description:
Notes:
 mdeslaur> since 3.1.3-7, rsync builds with the system zlib
Mitigation:
Bugs:
Priority: medium
Discovered-by: Danilo Ramos
Assigned-to: mdeslaur,leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_zlib:
 upstream: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
 upstream: https://github.com/madler/zlib/commit/4346a16853e19b45787ce933666026903fb8f3f8 (related)
upstream_zlib: released (1.2.12)
trusty_zlib: ignored (out of standard support)
trusty/esm_zlib: released (1:1.2.8.dfsg-1ubuntu1.1+esm1)
xenial_zlib: ignored (end of standard support)
esm-infra/xenial_zlib: released (1:1.2.8.dfsg-2ubuntu4.3+esm1)
bionic_zlib: released (1:1.2.11.dfsg-0ubuntu2.1)
focal_zlib: released (1:1.2.11.dfsg-2ubuntu1.3)
impish_zlib: released (1:1.2.11.dfsg-2ubuntu7.1)
jammy_zlib: released (1:1.2.11.dfsg-2ubuntu9)
devel_zlib: released (1:1.2.11.dfsg-2ubuntu9)

Patches_rsync:
upstream_rsync: released (3.2.4)
trusty_rsync: ignored (out of standard support)
trusty/esm_rsync: not-affected (uses system zlib)
xenial_rsync: ignored (out of standard support)
esm-infra/xenial_rsync: needed
bionic_rsync: released (3.1.2-2.1ubuntu1.4)
focal_rsync: released (3.1.3-8ubuntu0.3)
impish_rsync: not-affected (uses system zlib)
jammy_rsync: not-affected (uses system zlib)
devel_rsync: not-affected (uses system zlib)