Synopsis: Low: zziplib security update Advisory ID: SLSA-2018:3229-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-7725 CVE-2018-7726 CVE-2018-7727 -- Security Fix(es): * zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725) * zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file (CVE-2018-7726) * zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip (CVE-2018-7727) -- SL7 x86_64 zziplib-0.13.62-9.el7.i686.rpm zziplib-0.13.62-9.el7.x86_64.rpm zziplib-debuginfo-0.13.62-9.el7.i686.rpm zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm zziplib-devel-0.13.62-9.el7.i686.rpm zziplib-devel-0.13.62-9.el7.x86_64.rpm zziplib-utils-0.13.62-9.el7.x86_64.rpm - Scientific Linux Development Team