Description
Security update for zziplib
This update for zziplib fixes the following issues:
- CVE-2018-17828: Remove any '../' components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687)
Package list
SUSE Linux Enterprise Desktop 12 SP3
libzzip-0-13-0.13.67-10.14.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libzzip-0-13-0.13.67-10.14.1
zziplib-devel-0.13.67-10.14.1
SUSE Linux Enterprise Workstation Extension 12 SP3
libzzip-0-13-0.13.67-10.14.1
References
- Link for SUSE-SU-2018:3379-1
- E-Mail link for SUSE-SU-2018:3379-1
- SUSE Security Ratings
- SUSE Bug 1110687
- SUSE CVE CVE-2018-17828 page
Description
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
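The fix described in the advisory, removing '../' components from the pathnames of extracted files, can be sketched as follows. This is an added example, not the zziplib patch or SUSE's code: the function name sanitize_entry_name is hypothetical, and treating a backslash as a separator and also dropping a leading '/' are assumptions that go beyond what the advisory states.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not zziplib code): copy an archive entry name into
 * `out`, dropping leading '/', empty components, "." and "..".
 * Returns 0 on success, -1 if nothing safe remains or `out` is too small;
 * on -1 the contents of `out` must not be used. */
int sanitize_entry_name(const char *name, char *out, size_t outsz)
{
    size_t used = 0;
    const char *p = name;

    if (outsz == 0)
        return -1;
    out[0] = '\0';
    while (*p) {
        /* Assumption: '\\' is treated as a separator as well. */
        while (*p == '/' || *p == '\\')
            p++;
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t len = (size_t)(p - start);

        if (len == 0)
            continue;                       /* trailing separator */
        if ((len == 1 && start[0] == '.') ||
            (len == 2 && start[0] == '.' && start[1] == '.'))
            continue;                       /* drop "." and ".." */
        /* Room for an optional '/', the component and the NUL. */
        if (used + (used ? 1 : 0) + len + 1 > outsz)
            return -1;
        if (used)
            out[used++] = '/';
        memcpy(out + used, start, len);
        used += len;
        out[used] = '\0';
    }
    return used ? 0 : -1;
}

int main(void)
{
    /* Constructed sample entry names, not taken from a real archive. */
    const char *names[] = { "../../etc/passwd", "docs/./a.txt", "../.." };
    char buf[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = sanitize_entry_name(names[i], buf, sizeof buf);
        printf("%-18s -> %s\n", names[i], rc == 0 ? buf : "(rejected)");
    }
    return 0;
}
```

An extractor would call such a helper on every entry name before opening the output file and skip any entry for which it returns -1.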
Affected products
SUSE Linux Enterprise Desktop 12 SP3:libzzip-0-13-0.13.67-10.14.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libzzip-0-13-0.13.67-10.14.1
SUSE Linux Enterprise Software Development Kit 12 SP3:zziplib-devel-0.13.67-10.14.1
SUSE Linux Enterprise Workstation Extension 12 SP3:libzzip-0-13-0.13.67-10.14.1
References
- CVE-2018-17828
- SUSE Bug 1110687