zziplib-0.13.62-9.el7

The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725)

* zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file (CVE-2018-7726)

* zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip (CVE-2018-7727)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-7725
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address
dereference was discovered in zzip_disk_fread in mmapped.c. The
vulnerability causes an application crash, which leads to denial of
service.
CVE-2018-7726
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused
by the __zzip_parse_root_directory function of zip.c. Attackers could
leverage this vulnerability to cause a denial of service via a crafted
zip file.
CVE-2018-7727
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak
triggered in the function zzip_mem_disk_new in memdisk.c, which will
lead to a denial of service attack.