# FreeBSD 11.3 having zlib 1.2.11 (libz.so.6).



## rahupcr (Apr 24, 2022)

Hi Team,

Currently, FreeBSD 11.3 is used for our application.

As part of security scans we found one vulnerability in zlib, which is part of the OS (libz.so.6, which is version 1.2.11).

On Mar 27 2022 there was a vulnerability in version 1.2.11: CVE-2018-25032.

Is there a possibility to upgrade the zlib version to 1.2.12 on the FreeBSD 11.3 OS?

We can't upgrade FreeBSD, as many of our customers have a tight dependency on this OS.

Any input on this will be helpful.

Thanks,
Raghu


----------



## Alexander88207 (Apr 24, 2022)

Hello,

FreeBSD version 11.3 has been EOL since September 30, 2020.

You should upgrade to 12.3 or newer (at the time of writing).

If you do not want to update, you put yourself and others in danger.


----------



## rahupcr (Apr 24, 2022)

OK, thank you Alexander. But for now we have a lot of customers who are using FreeBSD 11.3.
Is there any way now?


----------



## covacat (Apr 24, 2022)

You may try to apply the provided patch and rebuild zlib

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:08.zlib.asc

See 2) To update your vulnerable system via a source code patch:


----------



## rahupcr (Apr 25, 2022)

covacat said:


> You may try to apply the provided patch and rebuild zlib
> 
> 
> https://www.freebsd.org/security/advisories/FreeBSD-SA-22:08.zlib.asc
> ...


Thank you, we will try this option once.


----------

