zziplib-0.13.62-12.el7
エラータID: AXSA:2020-4544:01
The zziplib is a lightweight library to easily extract data from zip files.
Security Fix(es):
* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.
CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
Update packages.
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
N/A
SRPMS
- zziplib-0.13.62-12.el7.src.rpm
MD5: f0f4cb69618e20f0dfd98406d3c8172f
SHA-256: 9dc1436ce4fb399a7d04f484ca4903d907b33bbdc38c49ae07a549a7e76664b5
Size: 685.93 kB
Asianux Server 7 for x86_64
- zziplib-0.13.62-12.el7.x86_64.rpm
MD5: 087c7a469ae53616f662a614f32a9ab2
SHA-256: 884a4e9242f62e68e3fbccd62600db7076da84cccdcf2056b99935610df3eb3b
Size: 81.59 kB - zziplib-0.13.62-12.el7.i686.rpm
MD5: 34cdffdc3ecbb500dc7faed16d8d2c69
SHA-256: 845460540911b1b6017ff60a40a55301c4fcde699147d3c16c34bdb6aae31b23
Size: 82.13 kB