openSUSE-SU-2018:3314-1

Published: 23 Oct 2018
Source: suse-cvrf

Description

Security update for zziplib

This update for zziplib fixes the following issues:

  • CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687)

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
libzzip-0-13-0.13.69-lp150.2.3.1
libzzip-0-13-32bit-0.13.69-lp150.2.3.1
zziplib-0.13.69-lp150.2.3.1
zziplib-devel-0.13.69-lp150.2.3.1
zziplib-devel-32bit-0.13.69-lp150.2.3.1

Description

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.


Affected products
openSUSE Leap 15.0:libzzip-0-13-0.13.69-lp150.2.3.1
openSUSE Leap 15.0:libzzip-0-13-32bit-0.13.69-lp150.2.3.1
openSUSE Leap 15.0:zziplib-0.13.69-lp150.2.3.1
openSUSE Leap 15.0:zziplib-devel-0.13.69-lp150.2.3.1

References
Vulnerability openSUSE-SU-2018:3314-1