{"affected":[{"ecosystem_specific":{"binaries":[{"libz1":"1.2.13-slfo.1.1_2.1","zlib-devel":"1.2.13-slfo.1.1_2.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"zlib","purl":"pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.2.13-slfo.1.1_2.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for zlib fixes the following issues:\n\n- CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)\n- CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)\n","id":"SUSE-SU-2026:20659-1","modified":"2026-03-09T10:23:42Z","published":"2026-03-09T10:23:42Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620659-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216378"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258392"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45853"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27171"}],"related":["CVE-2023-45853","CVE-2026-27171"],"summary":"Security update for zlib","upstream":["CVE-2023-45853","CVE-2026-27171"]}