Description
ELSA-2019-2196: zziplib security update (LOW)
[0.13.62-11]
- Fix CVE-2018-6541
- Part of the original patch has already been applied in the past (CVE-2018-7726), so the bug should not be reproducible in the way described in the GitHub issue, even without this commit. Applying the rest of the original patch anyway.
- https://github.com/gdraheim/zziplib/issues/16
- Related: CVE-2018-6541
[0.13.62-10]
- Fix CVE-2018-16548
- Resolves: CVE-2018-16548
Updated packages
Oracle Linux 7
Oracle Linux aarch64
zziplib 0.13.62-11.el7
zziplib-devel 0.13.62-11.el7
zziplib-utils 0.13.62-11.el7
Oracle Linux x86_64
zziplib 0.13.62-11.el7
zziplib-devel 0.13.62-11.el7
zziplib-utils 0.13.62-11.el7
Related CVEs
Related vulnerabilities
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.