This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
danielkfl
Level 3
‎Apr 08, 2022 06:41 AM

Zlib < v1.2.11 vulnerability

Jump to solution

Hi Everyone,

We received a CVSS 7.5 rated finding in our open source scans, which is related to zlib. https://nvd.nist.gov/vuln/detail/CVE-2018-25032

As far as I know InstallShield uses zlib as an oss component. Is there a hotfix in plan already? The fix came out recently by zlib.(zlib 1.2.12 - March 27, 2022)

Best regards,
Daniel

 

Labels (1)
Labels
0 Kudos
(1) Solution
vdonga
Moderator Moderator
Moderator
‎Apr 24, 2022 01:56 AM

Jump to solution

Hello @danielkfl , @svengalamr 

Hotfix for InstallShield 2021 is released. For details and download links, please refer to this article HOTFIX: Fix for vulnerability in zlib - CVE-2018-25032 - Community (flexera.com)

@kingraj Hotfix for InstallShield 2020 and 2019 is in the works and will be available in the same post as above. For versions below 2019, there are no plans to issue a hotfix and we strongly recommend to upgrade to a newer version.

View solution in original post

(7) Replies
vdonga
Moderator Moderator
Moderator
‎Apr 14, 2022 12:03 AM

Jump to solution

Hello Daniel,

Thanks for highlighting this. Our engineering team is working on a resolution for this issue for InstallShield 2021 and hopeful to issue a hotfix on or before 22-Apr-2022.

Please reach out to our support team, in case you have any further questions.

Thank you !

kingraj
Level 3
In response to vdonga
‎Apr 19, 2022 05:33 AM

Jump to solution

Hi,

When can we expect hotfix for InstallShield 2018 or 2019 version.

Thanks,

0 Kudos
svengalamr
Level 4
In response to vdonga
‎Apr 19, 2022 06:55 AM

Jump to solution

Hi @vdonga .

Good day..

Can you please let us know when can we expect the patch/SP for Installshield 2020

0 Kudos
vdonga
Moderator Moderator
Moderator
‎Apr 24, 2022 01:56 AM

Jump to solution

Hello @danielkfl , @svengalamr 

Hotfix for InstallShield 2021 is released. For details and download links, please refer to this article HOTFIX: Fix for vulnerability in zlib - CVE-2018-25032 - Community (flexera.com)

@kingraj Hotfix for InstallShield 2020 and 2019 is in the works and will be available in the same post as above. For versions below 2019, there are no plans to issue a hotfix and we strongly recommend to upgrade to a newer version.

vdonga
Moderator Moderator
Moderator
‎May 05, 2022 05:42 AM

Jump to solution

Hello @kingraj The article is updated with hotfix links for InstallShield 2020 R3 SP1 and 2019 R3

0 Kudos
HuanYang
Level 3
‎Sep 17, 2022 01:03 AM

Jump to solution

Where about InstallAnywhere?

0 Kudos
vdonga
Moderator Moderator
Moderator
In response to HuanYang
‎Jan 10, 2023 10:45 AM

Jump to solution

InstallAnywhere 2022 R2 released in Dec '22 has been upgraded to use the latest zlib library

0 Kudos