Low Severity

Security Bulletin: AIX is vulnerable to denial of service due to zlib and zlibNX (CVE-2018-25032)

A vulnerability in zlib and zlibNX could allow a remote attacker to cause a denial of service (CVE-2018-25032). AIX uses zlib and zlibNX as part of its data compression functions.

CVE(s): CVE-2018-25032

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
AIX 7.1
AIX 7.2
AIX 7.3
VIOS 3.1


The following fileset levels are vulnerable:


For zlib:

Fileset Lower Level Upper Level


For zlibNX:

Fileset Lower Level Upper Level


To find out whether the affected filesets are installed on your systems, use the lslpp command, which is described in the AIX user's guide.
Example: lslpp -L | grep -i zlibNX.rte
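
The installed-fileset check above can be extended to compare each level against a vulnerable range. The script below is an added example, not part of the IBM bulletin: the LOWER and UPPER bounds are placeholders (take the real ones from the source bulletin), the sample lines and the fileset name zlib.sample are constructed, and the colon-separated layout of lslpp -Lc output (package:fileset:level:...) is an assumption.

```shell
#!/bin/sh
# Added example, not IBM's code. Bounds and sample data are placeholders.
LOWER="1.2.3.0"   # placeholder: lowest vulnerable level from the bulletin
UPPER="1.2.3.9"   # placeholder: highest vulnerable level from the bulletin

# level_in_range LEVEL LOWER UPPER
# Succeeds when LOWER <= LEVEL <= UPPER, comparing the four dotted
# fields numerically (so 1.2.3.10 sorts above 1.2.3.9).
level_in_range() {
    awk -v l="$1" -v lo="$2" -v hi="$3" '
    function cmp(a, b,    x, y, i) {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) return -1
            if (x[i] + 0 > y[i] + 0) return 1
        }
        return 0
    }
    BEGIN { exit !(cmp(lo, l) <= 0 && cmp(l, hi) <= 0) }' </dev/null
}

# check_filesets PATTERN LOWER UPPER
# Reads colon-separated lslpp output on stdin and reports every fileset
# whose name matches the shell pattern. The "#" header line never matches.
check_filesets() {
    pattern=$1 lower=$2 upper=$3
    while IFS=: read -r _pkg fileset level _rest; do
        case $fileset in
            $pattern) ;;
            *) continue ;;
        esac
        if level_in_range "$level" "$lower" "$upper"; then
            echo "VULNERABLE $fileset $level"
        else
            echo "OK $fileset $level"
        fi
    done
}

# Constructed sample input standing in for "lslpp -Lc" on a real system.
sample_lslpp() {
    cat <<'EOF'
#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
zlibNX.rte:zlibNX.rte:1.2.3.4: : :C: :constructed sample
zlib.sample:zlib.sample:1.2.3.10: : :C: :constructed sample
bos.rte:bos.rte.install:1.2.3.4: : :C: :constructed sample
EOF
}

# On AIX, replace sample_lslpp with: lslpp -Lc
sample_lslpp | check_filesets 'zlib*' "$LOWER" "$UPPER"
```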

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6824891
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615
