Release date

Reference: PROCALL-1954
Criticality

HIGH

CVSS score: 7.5

Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. For further technical details see https://nvd.nist.gov/vuln/detail/CVE-2018-25032

For example, the MSI files of the affected products can unpack ZIP files, and the products themselves can compress log files as ZIP files.
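To check which zlib release is compiled into the files of an installation, the following added example (not estos code and not part of the original advisory) searches binaries for the version banner that zlib embeds in its compressor and decompressor. The function names, the `SAMPLE` bytes and the `needs_update` flag are assumptions made for this illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 2, 12)  # the advisory: zlib before 1.2.12 is affected
# zlib embeds banners such as
# b" deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler "
BANNER = re.compile(rb" (deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-")

# Constructed sample: bytes shaped like a binary with zlib 1.2.11 linked in.
SAMPLE = (b"MZ\x90\x00 deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly"
          b" and Mark Adler \x00\x00 inflate 1.2.11 Copyright 1995-2017 Mark Adler \x00")

def find_zlib(data: bytes):
    """Return sorted (component, version, needs_update) for each zlib banner."""
    hits = set()
    for m in BANNER.finditer(data):
        component, version = m.group(1).decode(), m.group(2).decode()
        parsed = tuple(int(part) for part in version.split("."))
        # The flaw is in compression, so only an old "deflate" banner is flagged.
        hits.add((component, version, component == "deflate" and parsed < FIXED))
    return sorted(hits)

def scan_tree(root):
    """Scan every regular file under root; return {path: hits} where a banner exists."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = find_zlib(path.read_bytes())
        except OSError:  # unreadable or locked file: skip it
            continue
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(root).items():
        for component, version, needs_update in hits:
            state = "NEEDS UPDATE" if needs_update else "ok"
            print(f"{path}: zlib {component} {version} {state}")
```

Run it against the installation directory after extracting any installers or archives, since files inside compressed containers are not visible to a byte search. A build with a backported fix may still carry an older version string, so a flagged file is a prompt to check the vendor's update status, not proof of exposure.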

Affected versions

This vulnerability affects all previously released versions of ProCall 7 Enterprise and ProCall 6 Enterprise.

  • 7.0, 7.1, 7.2, 7.3 (all sub-versions)
  • 6.0, 6.1, 6.2, 6.3, 6.4 (all sub-versions)
  • ProCall 5 Enterprise
  • MetaDirectory 4 and MetaDirectory 5
  • ECSTA 5 and ECSTA 6

ProCall Business 

  • 21H2

Versions with bug fixes

estos is preparing updates with fixes for the vulnerability. Customers and partners can then obtain the updates via the known channels and follow the normal update process:

No solution available

  • ProCall 5 Enterprise
  • MetaDirectory 4
  • ECSTA 5

End-of-life

Please note the following: If you are using older estos product versions that are no longer supported (End-of-Life has been reached), we strongly recommend updating your software to the current versions for security reasons.
This is because security patches are only regularly developed and made available for current software versions.