Fedora: 2018-a24be2586d Critical: Zziplib Memory Access Issue
fedora
February 6, 2018
Security fix for CVE-2018-6381
Summary
The zziplib library is intentionally lightweight, it offers the ability to
easily extract data from files archived in a single zip file. Applications
can bundle files into a single zip archive and access them. The implementation
is based only on the (free) subset of compression with the zlib algorithm
which is actually used by the zip/unzip tools.
Security fix for CVE-2018-6381
[ 1 ] Bug #1540183 - CVE-2018-6381 zziplib: Invalid memory access in the zzip_disk_fread function in zzip/mmapped.c
https://bugzilla.redhat.com/show_bug.cgi?id=1540183
su -c 'dnf upgrade zziplib' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Topics Covered
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 27
Version: 0.13.67
Release: 1.fc27
URL:
Summary: Lightweight library to easily extract data from zip files
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!