Low Severity

Security Bulletin: AIX is vulnerable to denial of service due to zlib and zlibNX (CVE-2018-25032)


A vulnerability in zlib and zlibNX could allow a remote attacker to cause a denial of service (CVE-2018-25032). AIX uses zlib and zlibNX as part of its data compression functions.

CVE(s): CVE-2018-25032

Affected product(s) and affected version(s):

Affected Product(s)  Version(s)
AIX                  7.1
AIX                  7.2
AIX                  7.3
VIOS                 3.1

The following fileset levels are vulnerable:

 

For zlib:

Fileset   Lower Level   Upper Level
rpm.rte   4.9.1.3       4.15.1.1005
rpm.rte   4.15.1.2000   4.15.1.2005

For zlibNX:

Fileset      Lower Level   Upper Level
zlibNX.rte   7.2.4.0       7.2.4.7
zlibNX.rte   7.3.0.0       7.3.0.1

To find out whether the affected filesets are installed on your systems, use the lslpp command, which is described in the AIX user's guide.

Example: lslpp -L | grep -i zlibNX.rte
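The following is an added example, not part of the IBM bulletin: it compares installed fileset levels against the vulnerable ranges listed above, field by field. The function names and the sample inventory are constructed for illustration, and the input is assumed to be "fileset level" pairs taken from the first two columns of lslpp -L output.

```shell
# Vulnerable ranges copied from the bulletin tables: fileset, lower, upper.
VULN_RANGES='rpm.rte 4.9.1.3 4.15.1.1005
rpm.rte 4.15.1.2000 4.15.1.2005
zlibNX.rte 7.2.4.0 7.2.4.7
zlibNX.rte 7.3.0.0 7.3.0.1'

# level_le A B: true when dotted level A <= B, compared numerically per field
# (a plain string compare would wrongly sort 4.9.x after 4.15.x).
level_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }' </dev/null
}

# is_vulnerable FILESET LEVEL: true when LEVEL falls inside a listed range.
is_vulnerable() {
    while read -r fs lo hi; do
        [ "$fs" = "$1" ] || continue
        if level_le "$lo" "$2" && level_le "$2" "$hi"; then return 0; fi
    done <<EOF
$VULN_RANGES
EOF
    return 1
}

# check_inventory: reads "fileset level" pairs on stdin, prints one verdict each.
check_inventory() {
    while read -r inv_fs inv_level; do
        [ -n "$inv_fs" ] || continue
        if is_vulnerable "$inv_fs" "$inv_level"; then
            echo "$inv_fs $inv_level VULNERABLE"
        else
            echo "$inv_fs $inv_level ok"
        fi
    done
}

# Constructed sample inventory (not real lslpp output from any system).
SAMPLE='rpm.rte 4.13.0.3
zlibNX.rte 7.2.4.8'
printf '%s\n' "$SAMPLE" | check_inventory
```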
 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6824891
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615
