Synopsis: Low: zziplib security update
Advisory ID: SLSA-2018:3229-1
Issue Date: 2018-10-30
CVE Numbers: CVE-2018-7725
CVE-2018-7726
CVE-2018-7727
—
Security Fix(es):
* zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash
(CVE-2018-7725)
* zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash
via crafted zip file (CVE-2018-7726)
* zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial
of service via crafted zip (CVE-2018-7727)
—
SL7
x86_64
zziplib-0.13.62-9.el7.i686.rpm
zziplib-0.13.62-9.el7.x86_64.rpm
zziplib-debuginfo-0.13.62-9.el7.i686.rpm
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm
zziplib-devel-0.13.62-9.el7.i686.rpm
zziplib-devel-0.13.62-9.el7.x86_64.rpm
zziplib-utils-0.13.62-9.el7.x86_64.rpm
– Scientific Linux Development Team
