File _patchinfo of Package patchinfo.6690
<patchinfo incident="6690">
<issue id="1024532" tracker="bnc">VUL-1: zziplib: NULL pointer dereference in main (unzzipcat-mem.c)</issue>
<issue id="1024536" tracker="bnc">VUL-1: CVE-2017-5980: zziplib: NULL pointer dereference in zzip_mem_entry_new (memdisk.c)</issue>
<issue id="1079096" tracker="bnc">VUL-0: CVE-2018-6540: zziplib: In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of</issue>
<issue id="1034539" tracker="bnc">AzureAD Driver - Hybrid entitlement package version should be changed to 1.0.1 which is still 1.0.0</issue>
<issue id="1078497" tracker="bnc">VUL-1: CVE-2018-6381 zziplib: Invalid memory access in the zzip_disk_fread function in zzip/mmapped.c</issue>
<issue id="1078701" tracker="bnc">VUL-0: CVE-2018-6484: zziplib: memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c</issue>
<issue id="2018-6484" tracker="cve" />
<issue id="2018-6540" tracker="cve" />
<issue id="2018-6381" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>jmoellers</packager>
<description>
This update for zziplib fixes the following issues:
The version update to 0.13.67 contains many bug fixes and security fixes.
- If an extension block is too small to hold an extension,
  do not use the information therein.
- CVE-2018-6540: If the End of central directory record (EOCD) contains an
  Offset of start of central directory which is beyond the end of
  the file, reject the file. (bsc#1079096)
- CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the
  central directory and/or the offset of start of central directory
  point beyond the end of the ZIP file. (bsc#1078701)
- CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes
  should be identical. (bsc#1078497)
</description>
<summary>Security update for zziplib</summary>
</patchinfo>