Security update for zziplib SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0561-1 Final 1 1 2018-02-27T21:34:09Z current 2018-02-27T21:34:09Z 2018-02-27T21:34:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for zziplib This update for zziplib to 0.13.67 contains multiple bug and security fixes: - If an extension block is too small to hold an extension, do not use the information therein. - CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096) - CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701) - CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00110.html E-Mail link for openSUSE-SU-2018:0561-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libzzip-0-13-0.13.67-13.3.1 libzzip-0-13-32bit-0.13.67-13.3.1 zziplib-0.13.67-13.3.1 zziplib-devel-0.13.67-13.3.1 zziplib-devel-32bit-0.13.67-13.3.1 libzzip-0-13-0.13.67-13.3.1 as a component of openSUSE Leap 42.3 libzzip-0-13-32bit-0.13.67-13.3.1 as a component of openSUSE Leap 42.3 zziplib-0.13.67-13.3.1 as a component of openSUSE Leap 42.3 zziplib-devel-0.13.67-13.3.1 as a component of openSUSE Leap 42.3 zziplib-devel-32bit-0.13.67-13.3.1 as a component of openSUSE Leap 42.3 In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64 and 0.13.63 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. CVE-2018-6381 openSUSE Leap 42.3:libzzip-0-13-0.13.67-13.3.1 openSUSE Leap 42.3:libzzip-0-13-32bit-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-devel-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-devel-32bit-0.13.67-13.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00110.html https://www.suse.com/security/cve/CVE-2018-6381.html CVE-2018-6381 https://bugzilla.suse.com/1078497 SUSE Bug 1078497 https://bugzilla.suse.com/1079094 SUSE Bug 1079094 In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. CVE-2018-6484 openSUSE Leap 42.3:libzzip-0-13-0.13.67-13.3.1 openSUSE Leap 42.3:libzzip-0-13-32bit-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-devel-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-devel-32bit-0.13.67-13.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00110.html https://www.suse.com/security/cve/CVE-2018-6484.html CVE-2018-6484 https://bugzilla.suse.com/1078701 SUSE Bug 1078701 https://bugzilla.suse.com/1079094 SUSE Bug 1079094 https://bugzilla.suse.com/1079095 SUSE Bug 1079095 https://bugzilla.suse.com/1080546 SUSE Bug 1080546 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. CVE-2018-6540 openSUSE Leap 42.3:libzzip-0-13-0.13.67-13.3.1 openSUSE Leap 42.3:libzzip-0-13-32bit-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-devel-0.13.67-13.3.1 openSUSE Leap 42.3:zziplib-devel-32bit-0.13.67-13.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00110.html https://www.suse.com/security/cve/CVE-2018-6540.html CVE-2018-6540 https://bugzilla.suse.com/1079094 SUSE Bug 1079094 https://bugzilla.suse.com/1079096 SUSE Bug 1079096