LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

November 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA November 2018

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Low: zziplib on SL7.x x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Mon, 26 Nov 2018 18:22:12 -0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (32 lines)

Synopsis:          Low: zziplib security update
Advisory ID:       SLSA-2018:3229-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-7725
                   CVE-2018-7726
                   CVE-2018-7727
--

Security Fix(es):

* zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash
(CVE-2018-7725)

* zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash
via crafted zip file (CVE-2018-7726)

* zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial
of service via crafted zip (CVE-2018-7727)
--

SL7
  x86_64
    zziplib-0.13.62-9.el7.i686.rpm
    zziplib-0.13.62-9.el7.x86_64.rpm
    zziplib-debuginfo-0.13.62-9.el7.i686.rpm
    zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm
    zziplib-devel-0.13.62-9.el7.i686.rpm
    zziplib-devel-0.13.62-9.el7.x86_64.rpm
    zziplib-utils-0.13.62-9.el7.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV