AXSA:2020-278:02

Release date: Tuesday, September 1, 2020 - 03:45
Subject: zziplib-0.13.68-8.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

zziplib is a lightweight library for extracting data from zip files.

Security Fix(es):

* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.2 Release Notes linked from the References section.

CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
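The class of check that prevents this kind of traversal, shown as an added example (not code from zziplib or from this advisory): an entry name read from an archive is rejected before it is joined onto the output directory if it is absolute or contains a ".." component. The function names, the "out" directory and the sample entry names are assumptions made for the illustration; symlink handling and Windows drive letters are out of scope here.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not zziplib API): 1 if the entry name stays
 * inside the extraction directory, 0 if it is absolute or has a "..". */
int entry_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (name[0] == '/' || name[0] == '\\')      /* absolute path */
        return 0;
    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/\\");         /* one path component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                           /* ".." component */
        p += len;
        if (*p != '\0')
            p++;                                /* skip the separator */
    }
    return 1;
}

/* Joins destdir and name into out. Returns 0 on success, -1 if the name
 * is rejected or the result would not fit. */
int build_output_path(char *out, size_t outsz, const char *destdir,
                      const char *name)
{
    if (!entry_name_is_safe(name))
        return -1;
    int n = snprintf(out, outsz, "%s/%s", destdir, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed entry names, as they might appear in an archive. */
    const char *names[] = { "docs/readme.txt", "../../etc/cron.d/job",
                            "a/../../b", "/etc/passwd", "..notes/x" };
    char path[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (build_output_path(path, sizeof path, "out", names[i]) == 0)
            printf("extract %s -> %s\n", names[i], path);
        else
            printf("reject  %s\n", names[i]);
    }
    return 0;
}
```

A name such as "..notes/x" is accepted because only a component that is exactly ".." moves up a directory.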

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. zziplib-0.13.68-8.el8.src.rpm
    MD5: d176a77af123c0dbd6580bcbfc5577f7
    SHA-256: 187ef2d84d371bee8f02cfdee86a2c3fdf3a7e1cfe363765b7d481773f935ede
    Size: 1.06 MB

Asianux Server 8 for x86_64
  1. zziplib-0.13.68-8.el8.x86_64.rpm
    MD5: 9e6131d8368fc8cddbd286493de9a012
    SHA-256: f70f28b4dacc6b4f194948bd3c64c2f2a963387a90b36abdf7b1ba45567b0708
    Size: 90.19 kB
  2. zziplib-utils-0.13.68-8.el8.x86_64.rpm
    MD5: 40dfaafb7d6e52972a4fe2e0df2b2124
    SHA-256: b403f0522758202903a9900bcec84b5104c699f2aa7faa453cd0b4a52236c217
    Size: 47.48 kB