Retour
-
Titre
Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11, CVE-2016-9843;CVE-2016-9842 and CVE-2022-37434 -
Description
Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11,
CVE-2016-9843
CVE-2016-9842
CVE-2016-9841
CVE-2022-37434
Versions affected by above Vulnerabilities
r12.1 SP1 GA29259 (64-bit)
r12.1 GA 29174 (64-bit)
r12.0 GA 28917 (64-bit)
r2021R1_23459(64 bit)
r2020R2.14677(64 bit) -
Cause
Erwin Data Modeler installs Open source Software (OSS) using Zlib 1.2.8
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=zlib&queryType=phrase&search_type=all&isCpeNameSearch=false
-
Résolution
For versions:
r12.1 GA 29174 (64-bit)
r12.0 GA 28917 (64-bit)
r2021R1_23459(64 bit)
r2020R2.14677(64 bit)
Please apply patch HERE
Steps to replace new DLL file :
1. Install any one of the above-mentioned DM build
2. Open installation folder “C:\Program Files\erwin\Data Modeler r9”
3. Replace “zlib128.dll” file with the latest version library attached here
4. Launch Erwin instance (Erwin instance should be closed before replacing the dll if it is opened)
For 12.1 SP1 GA build Build 29259 (64-bit). In addition to above solution, Please also replace zlib1.dll in same directory with This one