SUSE-SU-2018:0548-1: moderate: Security update for zziplib
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Feb 27 07:07:47 MST 2018
SUSE Security Update: Security update for zziplib
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0548-1
Rating: moderate
References: #1024532 #1024536 #1034539 #1078497 #1078701
#1079096
Cross-References: CVE-2018-6381 CVE-2018-6484 CVE-2018-6540
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that solves three vulnerabilities and has three
fixes is now available.
Description:
This update for zziplib fixes the following issues:
Version update to 0.13.67 contains lots of bug- and security fixes.
- If an extension block is too small to hold an extension, do not use the
information therein.
- CVE-2018-6540: If the End of central directory record (EOCD) contains an
Offset of start of central directory which is beyond the end of the
file, reject the file. (bsc#1079096)
- CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size
of the central directory and/or the offset of start of central directory
point beyond the end of the ZIP file. (bsc#1078701)
- CVE-2018-6381: If a file is uncompressed, compressed and uncompressed
sizes should be identical. (bsc#1078497)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3:
zypper in -t patch SUSE-SLE-WE-12-SP3-2018-357=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
zypper in -t patch SUSE-SLE-WE-12-SP2-2018-357=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-357=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-357=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-357=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-357=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
libzzip-0-13-0.13.67-10.5.1
libzzip-0-13-debuginfo-0.13.67-10.5.1
zziplib-debugsource-0.13.67-10.5.1
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
libzzip-0-13-0.13.67-10.5.1
libzzip-0-13-debuginfo-0.13.67-10.5.1
zziplib-debugsource-0.13.67-10.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
libzzip-0-13-0.13.67-10.5.1
libzzip-0-13-debuginfo-0.13.67-10.5.1
zziplib-debugsource-0.13.67-10.5.1
zziplib-devel-0.13.67-10.5.1
zziplib-devel-debuginfo-0.13.67-10.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
libzzip-0-13-0.13.67-10.5.1
libzzip-0-13-debuginfo-0.13.67-10.5.1
zziplib-debugsource-0.13.67-10.5.1
zziplib-devel-0.13.67-10.5.1
zziplib-devel-debuginfo-0.13.67-10.5.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
libzzip-0-13-0.13.67-10.5.1
libzzip-0-13-debuginfo-0.13.67-10.5.1
zziplib-debugsource-0.13.67-10.5.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
libzzip-0-13-0.13.67-10.5.1
libzzip-0-13-debuginfo-0.13.67-10.5.1
zziplib-debugsource-0.13.67-10.5.1
References:
https://www.suse.com/security/cve/CVE-2018-6381.html
https://www.suse.com/security/cve/CVE-2018-6484.html
https://www.suse.com/security/cve/CVE-2018-6540.html
https://bugzilla.suse.com/1024532
https://bugzilla.suse.com/1024536
https://bugzilla.suse.com/1034539
https://bugzilla.suse.com/1078497
https://bugzilla.suse.com/1078701
https://bugzilla.suse.com/1079096
More information about the sle-security-updates
mailing list