UbuntuUpdates.org

Package "zziplib-bin"

Name: zziplib-bin

Description:

library providing read access on ZIP-archives - binaries

Latest version: 0.13.62-3.1ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: zziplib
Homepage: http://zziplib.sourceforge.net

Links


Download "zziplib-bin"


Other versions of "zziplib-bin" in Bionic

Repository Area Version
base universe 0.13.62-3.1
updates universe 0.13.62-3.1ubuntu0.18.04.1

Changelog

Version: 0.13.62-3.1ubuntu0.18.04.1 2018-07-03 13:07:24 UTC

  zziplib (0.13.62-3.1ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726

 -- Marc Deslauriers <email address hidden> Fri, 29 Jun 2018 11:26:58 -0400

CVE-2018-6381 In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size v
CVE-2018-6484 In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could l
CVE-2018-6541 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_
CVE-2018-6869 In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attacker
CVE-2018-6540 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote atta
CVE-2018-7725 An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability c
CVE-2018-7726 An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverag



About   -   Send Feedback to @ubuntu_updates