LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Low: zziplib security update
Advisory ID:       SLSA-2018:3229-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2018-7725
                   CVE-2018-7726
                   CVE-2018-7727
--

Security Fix(es):

* zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash
(CVE-2018-7725)

* zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash
via crafted zip file (CVE-2018-7726)

* zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial
of service via crafted zip (CVE-2018-7727)
--

SL7
  x86_64
    zziplib-0.13.62-9.el7.i686.rpm
    zziplib-0.13.62-9.el7.x86_64.rpm
    zziplib-debuginfo-0.13.62-9.el7.i686.rpm
    zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm
    zziplib-devel-0.13.62-9.el7.i686.rpm
    zziplib-devel-0.13.62-9.el7.x86_64.rpm
    zziplib-utils-0.13.62-9.el7.x86_64.rpm

- Scientific Linux Development Team