public inbox for gdb@sourceware.org
 help / color / mirror / Atom feed
* [CVE] zlib (< 1.2.12) memory corruption
@ 2022-04-05 13:56 Luis Machado
  2022-04-08 13:36 ` Nick Clifton
  2022-04-12 15:27 ` Nick Clifton
  0 siblings, 2 replies; 4+ messages in thread
From: Luis Machado @ 2022-04-05 13:56 UTC (permalink / raw)
  To: binutils, gdb, gcc

Hi,

There is a CVE [1] for zlib < 1.2.12 (released march 27th).

GCC currently uses zlib 1.2.11, and binutils-gdb imports the zlib 
directory from GCC. The recommendation is to get it updated to 1.2.12, 
which contains the proper fix [2].

It might not affect gcc/binutils/gdb since the code doesn't seem to be 
using the problematic option Z_FIXED, but it seems like a good idea to 
consider bumping the version of zlib we use.

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-25032
[2] 
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-04-12 15:27 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-05 13:56 [CVE] zlib (< 1.2.12) memory corruption Luis Machado
2022-04-08 13:36 ` Nick Clifton
2022-04-12  7:30   ` Luis Machado
2022-04-12 15:27 ` Nick Clifton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).