Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 28 Update: Critical zziplib Bug Fix Released on 2018-237e9b550c

fedora
Calendar Grey July 31, 2018
Dist Fedora Esm H88
Revise mailing address entries to rectify recognized vulnerabilities in zziplib for Fedora 28, improving overall package robustness and reliability.
Update zziplib to 0.13.69 version, fixes all known CVEs for the package.

Summary

The zziplib library is intentionally lightweight, it offers the ability to

easily extract data from files archived in a single zip file. Applications

can bundle files into a single zip archive and access them. The implementation

is based only on the (free) subset of compression with the zlib algorithm

which is actually used by the zip/unzip tools.

Update zziplib to 0.13.69 version, fixes all known CVEs for the package.

* Mon Jul 23 2018 Alexander Bokovoy - 0.13.69-1

- Update to 0.13.69 release

- Fixes: #1598246 (CVE-2018-6541)

- Fixes: #1554673 (CVE-2018-7727)

- Use versioned python executables everywhere

* Sat Jul 14 2018 Fedora Release Engineering - 0.13.68-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Sun Mar 18 2018 Iryna Shcherbina - 0.13.68-2

- Update Python 2 dependency declarations to new packaging standards

[ 1 ] Bug #1422517 - CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 zziplib: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1422517

[ 2 ] Bug #1554673 - CVE-2018-7726 CVE-2018-7727 zziplib: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1554673

[ 3 ] Bug #1598246 - CVE-2018-6541 zziplib: bus error caused by loading of a misaligned address inzzip/zip.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1598246

su -c 'dnf upgrade --advisory FEDORA-2018-237e9b550c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6J523IVLVVPUEHRDYT54A5QOKM5XVTO/

Topics%20covered

Topics Covered

security advisory critical Fedora bug fix zziplib

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 0.13.69
Release: 1.fc28
URL:
Summary: Lightweight library to easily extract data from zip files

Topics%20covered

Topics Covered

security advisory critical Fedora bug fix zziplib

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here