openSUSE-SU-2019:2396-1

Опубликовано: 28 окт. 2019

Источник: suse-cvrf

Описание

Security update for zziplib

This update for zziplib fixes the following issues:

Security issue fixed:

CVE-2018-16548: Prevented memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. (bsc#1107424)

Other issue addressed:

Prevented a division by zero (bsc#1129403).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

libzzip-0-13-0.13.69-lp151.4.3.1

libzzip-0-13-32bit-0.13.69-lp151.4.3.1

zziplib-devel-0.13.69-lp151.4.3.1

zziplib-devel-32bit-0.13.69-lp151.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E562ZTKCTSQIFPO6LIBH6UUXQRLAAD5H/#E562ZTKCTSQIFPO6LIBH6UUXQRLAAD5H
E-Mail link for openSUSE-SU-2019:2396-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1107424
SUSE Bug 1107424
https://bugzilla.suse.com/1129403
SUSE Bug 1129403
https://www.suse.com/security/cve/CVE-2018-16548/
SUSE CVE CVE-2018-16548 page

Описание

An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

Затронутые продукты

openSUSE Leap 15.1:libzzip-0-13-0.13.69-lp151.4.3.1

openSUSE Leap 15.1:libzzip-0-13-32bit-0.13.69-lp151.4.3.1

openSUSE Leap 15.1:zziplib-devel-0.13.69-lp151.4.3.1

openSUSE Leap 15.1:zziplib-devel-32bit-0.13.69-lp151.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16548.html
CVE-2018-16548
https://bugzilla.suse.com/1107424
SUSE Bug 1107424

openSUSE-SU-2019:2396-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2018-16548

Описание

Затронутые продукты

Ссылки