Описание
Security update for zziplib
This update for zziplib to 0.13.67 contains multiple bug and security fixes:
- If an extension block is too small to hold an extension, do not use the information therein.
- CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096)
- CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701)
- CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:0561-1
- SUSE Security Ratings
Описание
In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64 and 0.13.63 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
Затронутые продукты
Ссылки
- CVE-2018-6381
- SUSE Bug 1078497
- SUSE Bug 1079094
Описание
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Затронутые продукты
Ссылки
- CVE-2018-6484
- SUSE Bug 1078701
- SUSE Bug 1079094
- SUSE Bug 1079095
- SUSE Bug 1080546
Описание
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Затронутые продукты
Ссылки
- CVE-2018-6540
- SUSE Bug 1079094
- SUSE Bug 1079096