Описание
Security update for zziplib
This update for zziplib fixes the following issues:
Security issues fixed:
- CVE-2018-7726: There is a bus error caused by the__zzip_parse_root_directory function of zip.c. Attackers could leverage thisvulnerability to cause a denial of service (bsc#1084517).
- CVE-2018-7725: An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service (bsc#1084519).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libzzip-0-13-0.13.67-10.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libzzip-0-13-0.13.67-10.8.1
zziplib-devel-0.13.67-10.8.1
SUSE Linux Enterprise Workstation Extension 12 SP3
libzzip-0-13-0.13.67-10.8.1
Ссылки
- Link for SUSE-SU-2018:0919-1
- E-Mail link for SUSE-SU-2018:0919-1
- SUSE Security Ratings
- SUSE Bug 1084517
- SUSE Bug 1084519
- SUSE CVE CVE-2018-7725 page
- SUSE CVE CVE-2018-7726 page
Описание
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libzzip-0-13-0.13.67-10.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libzzip-0-13-0.13.67-10.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3:zziplib-devel-0.13.67-10.8.1
SUSE Linux Enterprise Workstation Extension 12 SP3:libzzip-0-13-0.13.67-10.8.1
Ссылки
- CVE-2018-7725
- SUSE Bug 1084519
Описание
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libzzip-0-13-0.13.67-10.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libzzip-0-13-0.13.67-10.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3:zziplib-devel-0.13.67-10.8.1
SUSE Linux Enterprise Workstation Extension 12 SP3:libzzip-0-13-0.13.67-10.8.1
Ссылки
- CVE-2018-7726
- SUSE Bug 1084517