Notification
Risk classification
HIPER (High Impact and/or Pervasive)
Risk categories
Data Loss
Abstract
Potential undetected data loss by using zlibNX
Description
The zlibNX library using hardware acceleration compression on Power9/Power10 can generate incorrect compressed files that can't be uncompressed, resulting in potential undetected data loss if the original uncompressed data is no longer available. At the time of compression, there is a rare error path that will generate incorrect compressed data with no error or warning reported, and the resulting file cannot be uncompressed. This issue has been seen with DB2 compression and standard compress tools such as pigz, but can be seen with any application that uses zlibNX.
Recommended Action
Minimum Affected Level | Maximum Affected Level | Fixing Level | Interim Fix* |
---|---|---|---|
AIX 7300-01-00
zlibNX.rte 7.3.1.0
|
AIX 7300-01-02-2320
zlibNX.rte 7.3.1.1
|
AIX 7300-01-03
|
iFix |
AIX 7300-00-00
zlibNX.rte 7.3.0.0
|
AIX 7300-00-04-2320
zlibNX.rte 7.3.0.3
|
N/A
|
iFix |
AIX 7200-05-00
zlibNX.rte 7.2.4.0
|
AIX 7200-05-06-2320
zlibNX.rte 7.2.4.9
|
AIX 7200-05-07
|
iFix |
*For applicable levels, the HIPER ifixes in this column include the zlibNX security vulnerability fixes from: https://aix.software.ibm.com/aix/efixes/security/zlib_advisory2.asc
This table describes which active levels are affected and where to obtain fixes.
Before the APAR fix is available, an interim fix (iFix) is available for each affected level.
The available interim fixes might apply only to the latest Service Packs. If a custom interim fix is required, contact IBM Support. The interim fixes can be downloaded from the same location by using HTTPS or FTPS.
Date first published
11 September 2023
Was this topic helpful?
Document Information
Modified date:
06 October 2023
UID
ibm17028659