cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
danielkfl
Level 3

Zlib < v1.2.11 vulnerability

Jump to solution

Hi Everyone,

We received a CVSS 7.5 rated finding in our open source scans, which is related to zlib. https://nvd.nist.gov/vuln/detail/CVE-2018-25032

As far as I know InstallShield uses zlib as an oss component. Is there a hotfix in plan already? The fix came out recently by zlib.(zlib 1.2.12 - March 27, 2022)

Best regards,
Daniel

 

Labels (1)
0 Kudos
(1) Solution
vdonga
Moderator Moderator
Moderator

Hello @danielkfl , @svengalamr 

Hotfix for InstallShield 2021 is released. For details and download links, please refer to this article HOTFIX: Fix for vulnerability in zlib - CVE-2018-25032 - Community (flexera.com)

@kingraj Hotfix for InstallShield 2020 and 2019 is in the works and will be available in the same post as above. For versions below 2019, there are no plans to issue a hotfix and we strongly recommend to upgrade to a newer version.

View solution in original post

(7) Replies
vdonga
Moderator Moderator
Moderator

Hello Daniel,

Thanks for highlighting this. Our engineering team is working on a resolution for this issue for InstallShield 2021 and hopeful to issue a hotfix on or before 22-Apr-2022.

Please reach out to our support team, in case you have any further questions.

Thank you !

Hi,

When can we expect hotfix for InstallShield 2018 or 2019 version.

Thanks,

0 Kudos

Hi @vdonga .

Good day..

Can you please let us know when can we expect the patch/SP for Installshield 2020

0 Kudos
vdonga
Moderator Moderator
Moderator

Hello @danielkfl , @svengalamr 

Hotfix for InstallShield 2021 is released. For details and download links, please refer to this article HOTFIX: Fix for vulnerability in zlib - CVE-2018-25032 - Community (flexera.com)

@kingraj Hotfix for InstallShield 2020 and 2019 is in the works and will be available in the same post as above. For versions below 2019, there are no plans to issue a hotfix and we strongly recommend to upgrade to a newer version.

vdonga
Moderator Moderator
Moderator

Hello @kingraj The article is updated with hotfix links for InstallShield 2020 R3 SP1 and 2019 R3

0 Kudos
HuanYang
Level 3

Where about InstallAnywhere?

0 Kudos

InstallAnywhere 2022 R2 released in Dec '22 has been upgraded to use the latest zlib library

0 Kudos