Red Hat Product Errata RHSA-2018:3229 - Security Advisory
Issued: 2018-10-30
Updated: 2018-10-30

Synopsis

Low: zziplib security update

Type/Severity

Security Advisory: Low

Topic

An update for zziplib is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

zziplib is a lightweight library for easily extracting data from zip files.

Security Fix(es):

  • zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725)
  • zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file (CVE-2018-7726)
  • zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip (CVE-2018-7727)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1554662 - CVE-2018-7725 zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash
  • BZ - 1554672 - CVE-2018-7726 zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file
  • BZ - 1554676 - CVE-2018-7727 zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip

CVEs

  • CVE-2018-7725
  • CVE-2018-7726
  • CVE-2018-7727

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
x86_64
zziplib-0.13.62-9.el7.i686.rpm SHA-256: cc283e824fc74afa6473558056b9e9c222d1d84a8609efdb9bf27e0f5d43f762
zziplib-0.13.62-9.el7.x86_64.rpm SHA-256: d4b2583adf3e1c35ca302a7dd688ddfe25636d469b0ee9ebc57e7c5709315b45
zziplib-debuginfo-0.13.62-9.el7.i686.rpm SHA-256: 725bbd4137732897669e2514ef5da7b35f8ce4958bb201fe55e5b2b3dc01b9c9
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm SHA-256: 4323cc0ce26c102c81c17139f72ad36c40d8cf64f32dd8fd37dc5535e716a037
zziplib-devel-0.13.62-9.el7.i686.rpm SHA-256: c6e64d7ae30b55c5d3d0b223df07d82e30582110e8745faec149d757df6889cc
zziplib-devel-0.13.62-9.el7.x86_64.rpm SHA-256: abfb1531a5920b8417e80de1b79200e3e332d64bc9f9389d67b14ce3b3da0288
zziplib-utils-0.13.62-9.el7.x86_64.rpm SHA-256: 3fcd810a50ec97ce9b97cc8606de450044864b687377efc7dd63db94aa37994b

Red Hat Enterprise Linux Workstation 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
x86_64
zziplib-0.13.62-9.el7.i686.rpm SHA-256: cc283e824fc74afa6473558056b9e9c222d1d84a8609efdb9bf27e0f5d43f762
zziplib-0.13.62-9.el7.x86_64.rpm SHA-256: d4b2583adf3e1c35ca302a7dd688ddfe25636d469b0ee9ebc57e7c5709315b45
zziplib-debuginfo-0.13.62-9.el7.i686.rpm SHA-256: 725bbd4137732897669e2514ef5da7b35f8ce4958bb201fe55e5b2b3dc01b9c9
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm SHA-256: 4323cc0ce26c102c81c17139f72ad36c40d8cf64f32dd8fd37dc5535e716a037
zziplib-devel-0.13.62-9.el7.i686.rpm SHA-256: c6e64d7ae30b55c5d3d0b223df07d82e30582110e8745faec149d757df6889cc
zziplib-devel-0.13.62-9.el7.x86_64.rpm SHA-256: abfb1531a5920b8417e80de1b79200e3e332d64bc9f9389d67b14ce3b3da0288
zziplib-utils-0.13.62-9.el7.x86_64.rpm SHA-256: 3fcd810a50ec97ce9b97cc8606de450044864b687377efc7dd63db94aa37994b

Red Hat Enterprise Linux Desktop 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
x86_64
zziplib-0.13.62-9.el7.i686.rpm SHA-256: cc283e824fc74afa6473558056b9e9c222d1d84a8609efdb9bf27e0f5d43f762
zziplib-0.13.62-9.el7.x86_64.rpm SHA-256: d4b2583adf3e1c35ca302a7dd688ddfe25636d469b0ee9ebc57e7c5709315b45
zziplib-debuginfo-0.13.62-9.el7.i686.rpm SHA-256: 725bbd4137732897669e2514ef5da7b35f8ce4958bb201fe55e5b2b3dc01b9c9
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm SHA-256: 4323cc0ce26c102c81c17139f72ad36c40d8cf64f32dd8fd37dc5535e716a037
zziplib-devel-0.13.62-9.el7.i686.rpm SHA-256: c6e64d7ae30b55c5d3d0b223df07d82e30582110e8745faec149d757df6889cc
zziplib-devel-0.13.62-9.el7.x86_64.rpm SHA-256: abfb1531a5920b8417e80de1b79200e3e332d64bc9f9389d67b14ce3b3da0288
zziplib-utils-0.13.62-9.el7.x86_64.rpm SHA-256: 3fcd810a50ec97ce9b97cc8606de450044864b687377efc7dd63db94aa37994b

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
s390x
zziplib-0.13.62-9.el7.s390.rpm SHA-256: 8258e6ae64d997e20702799736333b3247999d548e9a7aa4cff8beb50e9d8ff7
zziplib-0.13.62-9.el7.s390x.rpm SHA-256: acaaa45138cf50d33c982997d3ded0ddbf9ea8bfdfc3f7473ddf13b5500b8c25
zziplib-debuginfo-0.13.62-9.el7.s390.rpm SHA-256: 64c730b0ca18664bffe8348deabbc30c15983f7e1ba93bd5de9c977636dfaded
zziplib-debuginfo-0.13.62-9.el7.s390x.rpm SHA-256: 949d164106d42002949143d2844f4846d607b28781acd2608608e4d673f79236
zziplib-devel-0.13.62-9.el7.s390.rpm SHA-256: 4f303b1d7049087a5996793f360d72ea945c98051e4bb4991623877c66c88ad4
zziplib-devel-0.13.62-9.el7.s390x.rpm SHA-256: ba13a9e89b49a643228fe72373cefa3791276b663135e718d97e188f011cb9ae
zziplib-utils-0.13.62-9.el7.s390x.rpm SHA-256: 8202d6fcfcb53e5b6d929f3778bfcbeb466aeba89ee1538f398e2b6cdc4e181a

Red Hat Enterprise Linux for Power, big endian 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
ppc64
zziplib-0.13.62-9.el7.ppc.rpm SHA-256: de56e64d34f06752b598dc4154ec7a1958b982d301d5bacdf4535750135593c0
zziplib-0.13.62-9.el7.ppc64.rpm SHA-256: 1e270a379c4433bb98075d69c78039cf58673d2881b960fcc63dfd00bc327243
zziplib-debuginfo-0.13.62-9.el7.ppc.rpm SHA-256: 5b4288acbae09ba47a4e43d9dfc22cb2050a020fe91bf7f8e8e4e343ea8637bb
zziplib-debuginfo-0.13.62-9.el7.ppc64.rpm SHA-256: b80c06434c7dee2dc40cc02ff70e4549e2b23da48d988e7d12a1fd728ef4a8a2
zziplib-devel-0.13.62-9.el7.ppc.rpm SHA-256: 67bd5410e9f7b89a3542f8c2e6971ff062ed02ebef8b1cdf4505c8958b2981fc
zziplib-devel-0.13.62-9.el7.ppc64.rpm SHA-256: 3b2ac4cbf54232c45acad8a2cf9098711ef7dd134f703bd5d73e2927b3ff4689
zziplib-utils-0.13.62-9.el7.ppc64.rpm SHA-256: 7b59ae929a3bcefec6ea00ef485d199738653d6bf4a2999b8b7c3e3a6b1a89dd

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
x86_64
zziplib-0.13.62-9.el7.i686.rpm SHA-256: cc283e824fc74afa6473558056b9e9c222d1d84a8609efdb9bf27e0f5d43f762
zziplib-0.13.62-9.el7.x86_64.rpm SHA-256: d4b2583adf3e1c35ca302a7dd688ddfe25636d469b0ee9ebc57e7c5709315b45
zziplib-debuginfo-0.13.62-9.el7.i686.rpm SHA-256: 725bbd4137732897669e2514ef5da7b35f8ce4958bb201fe55e5b2b3dc01b9c9
zziplib-debuginfo-0.13.62-9.el7.x86_64.rpm SHA-256: 4323cc0ce26c102c81c17139f72ad36c40d8cf64f32dd8fd37dc5535e716a037
zziplib-devel-0.13.62-9.el7.i686.rpm SHA-256: c6e64d7ae30b55c5d3d0b223df07d82e30582110e8745faec149d757df6889cc
zziplib-devel-0.13.62-9.el7.x86_64.rpm SHA-256: abfb1531a5920b8417e80de1b79200e3e332d64bc9f9389d67b14ce3b3da0288
zziplib-utils-0.13.62-9.el7.x86_64.rpm SHA-256: 3fcd810a50ec97ce9b97cc8606de450044864b687377efc7dd63db94aa37994b

Red Hat Enterprise Linux for Power, little endian 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
ppc64le
zziplib-0.13.62-9.el7.ppc64le.rpm SHA-256: dcf4cc55ce0c40d060245c8d9063077bdb835b4e4da520b84fe2462696813156
zziplib-debuginfo-0.13.62-9.el7.ppc64le.rpm SHA-256: ef74635113e37dd230fccc2bbf114f2b0496d722421a5383b91505b7010d2b39
zziplib-devel-0.13.62-9.el7.ppc64le.rpm SHA-256: c2341468d21a15578211096fee521a7ea9900089cfa88f851aecd377d6fa4be0
zziplib-utils-0.13.62-9.el7.ppc64le.rpm SHA-256: 2012f93adeb50cb4d73cbb9ae3f8243e01c180b188e4e84046cff3968ed1e520

Red Hat Enterprise Linux for ARM 64 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
aarch64
zziplib-0.13.62-9.el7.aarch64.rpm SHA-256: 36f017e0a0e08f8e0acee7b37e799dc4de7271faf8fe69dcb42bc549fb4184e8
zziplib-debuginfo-0.13.62-9.el7.aarch64.rpm SHA-256: 3ec70506aa0b7448958344af85c61930f1b62112558ac9d160d0b9d45660f2c4
zziplib-devel-0.13.62-9.el7.aarch64.rpm SHA-256: 7ed5d4e44e26ddc35dca93b7c41ea933e87fb19cdbbd632f1dc0fd6bd0df7c1b
zziplib-utils-0.13.62-9.el7.aarch64.rpm SHA-256: cb371bf39db9b3295dffc0dd06dbbeddbb2b77753c85be138e7597f52fe6f552

Red Hat Enterprise Linux for Power 9 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
ppc64le
zziplib-0.13.62-9.el7.ppc64le.rpm SHA-256: dcf4cc55ce0c40d060245c8d9063077bdb835b4e4da520b84fe2462696813156
zziplib-debuginfo-0.13.62-9.el7.ppc64le.rpm SHA-256: ef74635113e37dd230fccc2bbf114f2b0496d722421a5383b91505b7010d2b39
zziplib-devel-0.13.62-9.el7.ppc64le.rpm SHA-256: c2341468d21a15578211096fee521a7ea9900089cfa88f851aecd377d6fa4be0
zziplib-utils-0.13.62-9.el7.ppc64le.rpm SHA-256: 2012f93adeb50cb4d73cbb9ae3f8243e01c180b188e4e84046cff3968ed1e520

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
zziplib-0.13.62-9.el7.src.rpm SHA-256: 0aa60be43f4a18500c399308fe2069a54a235c447287dc3e3882939ba8178f85
s390x
zziplib-0.13.62-9.el7.s390.rpm SHA-256: 8258e6ae64d997e20702799736333b3247999d548e9a7aa4cff8beb50e9d8ff7
zziplib-0.13.62-9.el7.s390x.rpm SHA-256: acaaa45138cf50d33c982997d3ded0ddbf9ea8bfdfc3f7473ddf13b5500b8c25
zziplib-debuginfo-0.13.62-9.el7.s390.rpm SHA-256: 64c730b0ca18664bffe8348deabbc30c15983f7e1ba93bd5de9c977636dfaded
zziplib-debuginfo-0.13.62-9.el7.s390x.rpm SHA-256: 949d164106d42002949143d2844f4846d607b28781acd2608608e4d673f79236
zziplib-devel-0.13.62-9.el7.s390.rpm SHA-256: 4f303b1d7049087a5996793f360d72ea945c98051e4bb4991623877c66c88ad4
zziplib-devel-0.13.62-9.el7.s390x.rpm SHA-256: ba13a9e89b49a643228fe72373cefa3791276b663135e718d97e188f011cb9ae
zziplib-utils-0.13.62-9.el7.s390x.rpm SHA-256: 8202d6fcfcb53e5b6d929f3778bfcbeb466aeba89ee1538f398e2b6cdc4e181a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
