zziplib-0.13.62-12.el7

エラータID: AXSA:2020-4544:01

Release date: 
Thursday, April 2, 2020 - 05:44
Subject: 
zziplib-0.13.62-12.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.

Solution: 

Update packages.

CVEs: 
CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
Additional Info: 

N/A

Download: 

SRPMS
  1. zziplib-0.13.62-12.el7.src.rpm
    MD5: f0f4cb69618e20f0dfd98406d3c8172f
    SHA-256: 9dc1436ce4fb399a7d04f484ca4903d907b33bbdc38c49ae07a549a7e76664b5
    Size: 685.93 kB

Asianux Server 7 for x86_64
  1. zziplib-0.13.62-12.el7.x86_64.rpm
    MD5: 087c7a469ae53616f662a614f32a9ab2
    SHA-256: 884a4e9242f62e68e3fbccd62600db7076da84cccdcf2056b99935610df3eb3b
    Size: 81.59 kB
  2. zziplib-0.13.62-12.el7.i686.rpm
    MD5: 34cdffdc3ecbb500dc7faed16d8d2c69
    SHA-256: 845460540911b1b6017ff60a40a55301c4fcde699147d3c16c34bdb6aae31b23
    Size: 82.13 kB