
openSUSE-SU-2018:0940-1

Published: 12 Apr 2018
Source: suse-cvrf

Description

Security update for zziplib

This update for zziplib fixes the following issues:

Security issues fixed:

  • CVE-2018-7726: There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service (bsc#1084517).
  • CVE-2018-7725: An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service (bsc#1084519).

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.3
libzzip-0-13-0.13.67-13.6.1
libzzip-0-13-32bit-0.13.67-13.6.1
zziplib-0.13.67-13.6.1
zziplib-devel-0.13.67-13.6.1
zziplib-devel-32bit-0.13.67-13.6.1

Description

An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.


Affected products
openSUSE Leap 42.3:libzzip-0-13-0.13.67-13.6.1
openSUSE Leap 42.3:libzzip-0-13-32bit-0.13.67-13.6.1
openSUSE Leap 42.3:zziplib-0.13.67-13.6.1
openSUSE Leap 42.3:zziplib-devel-0.13.67-13.6.1

References

Description

An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.


Affected products
openSUSE Leap 42.3:libzzip-0-13-0.13.67-13.6.1
openSUSE Leap 42.3:libzzip-0-13-32bit-0.13.67-13.6.1
openSUSE Leap 42.3:zziplib-0.13.67-13.6.1
openSUSE Leap 42.3:zziplib-devel-0.13.67-13.6.1

References