Fedora 27 Zziplib Security Update Critical: Memory Allocation Issues
fedora
February 20, 2018
Security fix for CVE-2018-6869, CVE-2018-6484
Summary
The zziplib library is intentionally lightweight, it offers the ability to
easily extract data from files archived in a single zip file. Applications
can bundle files into a single zip archive and access them. The implementation
is based only on the (free) subset of compression with the zlib algorithm
which is actually used by the zip/unzip tools.
Security fix for CVE-2018-6869, CVE-2018-6484
[ 1 ] Bug #1543941 - CVE-2018-6869 zziplib: uncontrolled memory allocation in __zzip_parse_root_directory in zzip/zip.c
https://bugzilla.redhat.com/show_bug.cgi?id=1543941
su -c 'dnf upgrade zziplib' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 27
Version: 0.13.68
Release: 1.fc27
URL:
Summary: Lightweight library to easily extract data from zip files
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!