File _patchinfo of Package patchinfo.9199

<patchinfo incident="9199">
  <issue tracker="bnc" id="1107424">VUL-1: CVE-2018-16548: zziplib: memory leak triggered in the function __zzip_parse_root_directory in zip.c</issue>
  <issue tracker="bnc" id="1084515">VUL-1: CVE-2018-7727: zziplib: There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.</issue>
  <issue tracker="bnc" id="1129403">libzzip-devel - unzip-mem -v show core dump</issue>
  <issue tracker="cve" id="2018-16548"/>
  <issue tracker="cve" id="2018-7727"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>jmoellers</packager>
  <description>This update for zziplib fixes the following issues:

Security issues fixed:

- CVE-2018-16548: Avoid a memory leak from __zzip_parse_root_directory() which could lead to denial of service. (bsc#1107424)
- CVE-2018-7727: Fixed a memory leak in unzzip_cat() (bsc#1084515).

Non-security issue fixed:

- Prevented division by zero by first checking if uncompressed size
  is 0. This may happen with directories which have a compressed
  and uncompressed size of 0. (bsc#1129403)
</description>
  <summary>Security update for zziplib</summary>
</patchinfo>