FreeBSD 11.3 having zlib 1.2.11 (libz.so.6).

rahupcr · Apr 24, 2022

Hi Team,

currently, FreeBSD 11.3 is used for our application.

As part of security scans we found one vulnerability on zlib which is part of the OS ( libz.so.6 - which is 1.2.11 version)

on Mar 27 2022 there was a vulnerability on 1.2.11 version CVE-2018-25032

is there a possibility to upgrade the zlib version to 1.2.12 on FreeBSD 11.3 OS.

we cant upgrade FreeBSD as many of our customers are having tight dependency on this OS.

any inputs on this will be helpful

Thanks,
Raghu

Alexander88207 · Apr 24, 2022

Hello,

FreeBSD version 11.3 is EOL since September 30, 2020.

You should upgrade to 12.3 or newer (At this time of writing).

If you do not want to update you put yourself and others in danger.

rahupcr · Apr 24, 2022

ok thank you Alexander. but for now we have lot of customers who are using FreeBSD 11.3
is there any way now?

covacat · Apr 24, 2022

you may try to apply of the provided patch and rebuild zlib

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:08.zlib.asc

see 2) To update your vulnerable system via a source code patch:

rahupcr · Apr 25, 2022

covacat said:
you may try to apply of the provided patch and rebuild zlib

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:08.zlib.asc
see 2) To update your vulnerable system via a source code patch:

Thans you we will try this option once ?

FreeBSD 11.3 having zlib 1.2.11 (libz.so.6).

rahupcr

Alexander88207

Enthusiast

rahupcr

covacat

rahupcr