- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Support for Zlib 1.3 for InstallShield 2022 R2 version
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Support for Zlib 1.3 for InstallShield 2022 R2 version
Hi Team,
Any plans to release a hotfix for InstallShield 2022 R2 version to support Zlib 1.3.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi - We have plans to include zlib 1.3 with Installshield 2023 R2.
I hope this helps.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi
we have got one critical vulnerability in our application for Zlib(CVE-2023-45853). To fix that we needed hotfix or patch for InstallShield 2022 R2 version.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
The CVE-2023-45853 vulnerability specifically targets minizips use of Long Filename, comment or extra field.
Installshield does not use comment and extra field and also does not have scenarios that leads to a long filenames.
Therefore the vulnerability reported in CVE-2023-45853 does not directly affect Installshield 2022R2
If you have been alerted to this through vulnerability scanning software and it is important for you to remove this from the scan report of the installer, then please upgrade to Installshield 2023 R2. This version of Installshield uses the later zlib 1.3 version.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Thanks Shunt for the reply,
we have upgraded to 2023 R2 version, but the zlib version is showing 1.3 is that correct.
if so, we wanted an zlib 1.3.1 version. any plans for this upgrade.
In 2023 R2 release notes, Zlib version is mentioned as 1.3.0.1 this is same as 1.3 or 1.3.1
please clarify on this.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @kingraj,
Thank you for your post.
Could you please clarify the business justification for needing zlib 1.3.1 to be included with InstallShield 2023 R2? My understanding is that the vulnerability that you mentioned, CVE-2023-45853, is resolved by zlib 1.3. So what is your reason for needing zlib 1.3.1? Could you please clarify and elaborate in more detail, so we can better understand this issue that you reported?
Please let us know if you have any questions or concerns. Thanks!
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Thanks @Revenera_Ian
in the below link provided by zlib they are claiming to have fixed the issue in 1.3.1
https://github.com/madler/zlib/issues/868
This is the confusion we are having whether the CVE which is CVE-2023-45853 got fixed in IS 2023R2
Thanks,
Raghavendra
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
You're welcome; we're happy to help. Thanks @raghupc
Yes, and what we're saying is that vulnerability CVE-2023-45853 is fixed in zlib 1.3, which is included in InstallShield 2023 R2. Please upgrade to InstallShield 2023 R2 to take advantage of this fix.
Please let us know if you have any questions or concerns. Thanks!
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
@Revenera_Ian It got fixed in zlib 1.3.1, but IS 2023R2 is showing zlib 1.3.0.1
both versions are different. If the CVE which is mentioned above got fixed in zlib 1.3.0.1 then we are good
Thanks
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Thank you for clarifying @raghupc
I'm researching this issue for you, and I'll keep you posted.
Please let us know if you have any questions or concerns. Thanks!
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @raghupc,
Thank you for your patience.
Based on our analysis, InstallShield is not susceptible to this vulnerability. We've published the following article to help address any concerns regarding this:
https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-45853-zlib-vulnerability-impact-on-InstallShield/ta-p/309926
Please let us know if you have any questions or concerns. Thanks!