Security update for zziplib
This update for zziplib fixes the following issues:
Security issues fixed:
- CVE-2018-7726: There is a bus error caused by the__zzip_parse_root_directory function of zip.c. Attackers could leverage thisvulnerability to cause a denial of service (bsc#1084517).
- CVE-2018-7725: An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service (bsc#1084519).
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Josef Möllers (jmoellers)
Fixed bugs
bnc#1084517
VUL-1: CVE-2018-7726: zziplib: There is a bus error caused by the__zzip_parse_root_directory function of zip.c. Attackers could leverage thisvulnerability to cause a denial of service
bnc#1084519
VUL-1: CVE-2018-7725: zziplib: An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service
