zziplib-0.13.62-11.el7

Errata ID: AXSA:2019-4047:01

Release date: 
Monday, August 19, 2019 - 17:06
Subject: 
zziplib-0.13.62-11.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: Bus error caused by loading of a misaligned address in zzip/zip.c (CVE-2018-6541)

* zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c (CVE-2018-16548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-16548
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.
CVE-2018-6541
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. zziplib-0.13.62-11.el7.src.rpm
    MD5: 259917411ab9545367ec1a1be92d146c
    SHA-256: 5a94ea08a8782c17b9457e475df49f928798e64b81d445333c52296c2cc8fd37
    Size: 684.85 kB

Asianux Server 7 for x86_64
  1. zziplib-0.13.62-11.el7.x86_64.rpm
    MD5: 52adfb8d67399dc88f13f248899aeec4
    SHA-256: a72ef32c170df0ffafa66081ac7c8a7186cc578fe8b0440afc759d8dc71548b6
    Size: 81.41 kB
  2. zziplib-0.13.62-11.el7.i686.rpm
    MD5: d3fcfa8d158be8b2b2ccae170ac8aedb
    SHA-256: 5bf00f3a4e228cf6509e8770dfad3cda974d1eb46d71e512b0303e50724791c2
    Size: 81.95 kB