Description
Security update for zziplib
This update for zziplib fixes the following issues:
Security issues fixed:
- CVE-2018-16548: Avoid a memory leak from __zzip_parse_root_directory() which could lead to denial of service. (bsc#1107424)
- CVE-2018-7727: Fixed a memory leak in unzzip_cat() (bsc#1084515).
Non-security issue fixed:
- Prevented division by zero by first checking if uncompressed size is 0. This may happen with directories which have a compressed and uncompressed size of 0. (bsc#1129403)
Package list
SUSE Linux Enterprise Desktop 12 SP4
libzzip-0-13-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libzzip-0-13-0.13.67-10.25.1
zziplib-devel-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libzzip-0-13-0.13.67-10.25.1
zziplib-devel-0.13.67-10.25.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libzzip-0-13-0.13.67-10.25.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libzzip-0-13-0.13.67-10.25.1
References
- Link for SUSE-SU-2019:3341-1
- E-Mail link for SUSE-SU-2019:3341-1
- SUSE Security Ratings
- SUSE Bug 1084515
- SUSE Bug 1107424
- SUSE Bug 1129403
- SUSE CVE CVE-2018-16548 page
- SUSE CVE CVE-2018-7727 page
Description
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.
Affected products
SUSE Linux Enterprise Desktop 12 SP4:libzzip-0-13-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP4:libzzip-0-13-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP4:zziplib-devel-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libzzip-0-13-0.13.67-10.25.1
References
- CVE-2018-16548
- SUSE Bug 1107424
Description
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
Affected products
SUSE Linux Enterprise Desktop 12 SP4:libzzip-0-13-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP4:libzzip-0-13-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP4:zziplib-devel-0.13.67-10.25.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libzzip-0-13-0.13.67-10.25.1
References
- CVE-2018-7727
- SUSE Bug 1084515