Red Hat Product Errata RHSA-2019:2196 - Security Advisory

Issued:: 2019-08-06
Updated:: 2019-08-06

RHSA-2019:2196 - Security Advisory

Overview
Updated Packages

Synopsis

Low: zziplib security update

Type/Severity

Security Advisory: Low

Topic

An update for zziplib is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c (CVE-2018-6541)
zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c (CVE-2018-16548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1598244 - CVE-2018-6541 zziplib: Bus error caused by loading of a misaligned address inzzip/zip.c
BZ - 1626200 - CVE-2018-16548 zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
zziplib-0.13.62-11.el7.src.rpm	SHA-256: 684c29ceabd43c58bfd478f59ee3660c50b5e9151a7eb0745d34ab68f9d46cae
x86_64
zziplib-0.13.62-11.el7.i686.rpm	SHA-256: 84668abe5fa808318462f930b9a71c4b062ca953a25cb9c2c59a6a757054148f
zziplib-0.13.62-11.el7.x86_64.rpm	SHA-256: e56cf30d078ebdd41cc21a4b19a40286659c54b6e5ac3a8d4650572a0e1a1553
zziplib-debuginfo-0.13.62-11.el7.i686.rpm	SHA-256: 3c439810169774857cfbfac676000f07cd38af585c4ee51b89b5223f60794708
zziplib-debuginfo-0.13.62-11.el7.i686.rpm	SHA-256: 3c439810169774857cfbfac676000f07cd38af585c4ee51b89b5223f60794708
zziplib-debuginfo-0.13.62-11.el7.x86_64.rpm	SHA-256: 1dc50481714c11571bb494cb496a3d8cf4b881a3f58821c66a5b6ce0907832bd
zziplib-debuginfo-0.13.62-11.el7.x86_64.rpm	SHA-256: 1dc50481714c11571bb494cb496a3d8cf4b881a3f58821c66a5b6ce0907832bd
zziplib-devel-0.13.62-11.el7.i686.rpm	SHA-256: 68bff0df1758a9a244c660850fc536b549717c42c1233d12b9aecaa12616d8e6
zziplib-devel-0.13.62-11.el7.x86_64.rpm	SHA-256: f61ccb741b95e5a5ce4958ae983dcbc65ca27b98eb3e248795dd43b9cd60f534
zziplib-utils-0.13.62-11.el7.x86_64.rpm	SHA-256: 44c681d7a71b9fdd6b972a717b24d531f8070b72e6d0b32d90c0f63efb998db5

Red Hat Enterprise Linux Workstation 7

SRPM
zziplib-0.13.62-11.el7.src.rpm	SHA-256: 684c29ceabd43c58bfd478f59ee3660c50b5e9151a7eb0745d34ab68f9d46cae
x86_64
zziplib-0.13.62-11.el7.i686.rpm	SHA-256: 84668abe5fa808318462f930b9a71c4b062ca953a25cb9c2c59a6a757054148f
zziplib-0.13.62-11.el7.x86_64.rpm	SHA-256: e56cf30d078ebdd41cc21a4b19a40286659c54b6e5ac3a8d4650572a0e1a1553
zziplib-debuginfo-0.13.62-11.el7.i686.rpm	SHA-256: 3c439810169774857cfbfac676000f07cd38af585c4ee51b89b5223f60794708
zziplib-debuginfo-0.13.62-11.el7.i686.rpm	SHA-256: 3c439810169774857cfbfac676000f07cd38af585c4ee51b89b5223f60794708
zziplib-debuginfo-0.13.62-11.el7.x86_64.rpm	SHA-256: 1dc50481714c11571bb494cb496a3d8cf4b881a3f58821c66a5b6ce0907832bd
zziplib-debuginfo-0.13.62-11.el7.x86_64.rpm	SHA-256: 1dc50481714c11571bb494cb496a3d8cf4b881a3f58821c66a5b6ce0907832bd
zziplib-devel-0.13.62-11.el7.i686.rpm	SHA-256: 68bff0df1758a9a244c660850fc536b549717c42c1233d12b9aecaa12616d8e6
zziplib-devel-0.13.62-11.el7.x86_64.rpm	SHA-256: f61ccb741b95e5a5ce4958ae983dcbc65ca27b98eb3e248795dd43b9cd60f534
zziplib-utils-0.13.62-11.el7.x86_64.rpm	SHA-256: 44c681d7a71b9fdd6b972a717b24d531f8070b72e6d0b32d90c0f63efb998db5

Red Hat Enterprise Linux Desktop 7

SRPM
zziplib-0.13.62-11.el7.src.rpm	SHA-256: 684c29ceabd43c58bfd478f59ee3660c50b5e9151a7eb0745d34ab68f9d46cae
x86_64
zziplib-0.13.62-11.el7.i686.rpm	SHA-256: 84668abe5fa808318462f930b9a71c4b062ca953a25cb9c2c59a6a757054148f
zziplib-0.13.62-11.el7.x86_64.rpm	SHA-256: e56cf30d078ebdd41cc21a4b19a40286659c54b6e5ac3a8d4650572a0e1a1553
zziplib-debuginfo-0.13.62-11.el7.i686.rpm	SHA-256: 3c439810169774857cfbfac676000f07cd38af585c4ee51b89b5223f60794708
zziplib-debuginfo-0.13.62-11.el7.i686.rpm	SHA-256: 3c439810169774857cfbfac676000f07cd38af585c4ee51b89b5223f60794708
zziplib-debuginfo-0.13.62-11.el7.x86_64.rpm	SHA-256: 1dc50481714c11571bb494cb496a3d8cf4b881a3f58821c66a5b6ce0907832bd
zziplib-debuginfo-0.13.62-11.el7.x86_64.rpm	SHA-256: 1dc50481714c11571bb494cb496a3d8cf4b881a3f58821c66a5b6ce0907832bd
zziplib-devel-0.13.62-11.el7.i686.rpm	SHA-256: 68bff0df1758a9a244c660850fc536b549717c42c1233d12b9aecaa12616d8e6
zziplib-devel-0.13.62-11.el7.x86_64.rpm	SHA-256: f61ccb741b95e5a5ce4958ae983dcbc65ca27b98eb3e248795dd43b9cd60f534
zziplib-utils-0.13.62-11.el7.x86_64.rpm	SHA-256: 44c681d7a71b9fdd6b972a717b24d531f8070b72e6d0b32d90c0f63efb998db5

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
zziplib-0.13.62-11.el7.src.rpm	SHA-256: 684c29ceabd43c58bfd478f59ee3660c50b5e9151a7eb0745d34ab68f9d46cae
s390x
zziplib-0.13.62-11.el7.s390.rpm	SHA-256: 0e10ff5d0b51967d0526e7635a509135f64cdd5b534d4136fc901382fd39804e
zziplib-0.13.62-11.el7.s390x.rpm	SHA-256: bfb52687965d12e7b9462e3580d39345cc033be43bd2d1205d494edb763251be
zziplib-debuginfo-0.13.62-11.el7.s390.rpm	SHA-256: a5ff57b9ddfd2635760f09df6e4265ade55efe17c0169518f21588e4391a3f3f
zziplib-debuginfo-0.13.62-11.el7.s390.rpm	SHA-256: a5ff57b9ddfd2635760f09df6e4265ade55efe17c0169518f21588e4391a3f3f
zziplib-debuginfo-0.13.62-11.el7.s390x.rpm	SHA-256: cb7b0dd97d0c52427df7bcc1aae29b291109a866cc77a97e85fc03e680019489
zziplib-debuginfo-0.13.62-11.el7.s390x.rpm	SHA-256: cb7b0dd97d0c52427df7bcc1aae29b291109a866cc77a97e85fc03e680019489
zziplib-devel-0.13.62-11.el7.s390.rpm	SHA-256: dbd63c680a5c937b36900b2f34188adf52a60778013b055c938f4bfa80f72220
zziplib-devel-0.13.62-11.el7.s390x.rpm	SHA-256: 410159b2c6c65747f09e10eae5d44330726d41396646b40485e5df8b9be8d4be
zziplib-utils-0.13.62-11.el7.s390x.rpm	SHA-256: f11ac93cda69f41e7b8a5e4edbd40f0a2f446f1f5bbc6ecdc837e66a485bff35

Red Hat Enterprise Linux for Power, big endian 7

SRPM
zziplib-0.13.62-11.el7.src.rpm	SHA-256: 684c29ceabd43c58bfd478f59ee3660c50b5e9151a7eb0745d34ab68f9d46cae
ppc64
zziplib-0.13.62-11.el7.ppc.rpm	SHA-256: bfc98bf4ecb3fd7efd0abf37f3a39f91cc8753c820915c0cd50cb683825849bb
zziplib-0.13.62-11.el7.ppc64.rpm	SHA-256: f81ffeb760a724aade3a1a758ba92be15e0ce8b493eaa8aa8a12e6bc484ac0aa
zziplib-debuginfo-0.13.62-11.el7.ppc.rpm	SHA-256: 64d5bc446c42f8dda71af2aac7f397ed2eee78560c43bf7989652f7ce841a9fd
zziplib-debuginfo-0.13.62-11.el7.ppc.rpm	SHA-256: 64d5bc446c42f8dda71af2aac7f397ed2eee78560c43bf7989652f7ce841a9fd
zziplib-debuginfo-0.13.62-11.el7.ppc64.rpm	SHA-256: 684e96f7e492e2df6515a10e4d14cafca31797429b276352670e4c5dc855fc7e
zziplib-debuginfo-0.13.62-11.el7.ppc64.rpm	SHA-256: 684e96f7e492e2df6515a10e4d14cafca31797429b276352670e4c5dc855fc7e
zziplib-devel-0.13.62-11.el7.ppc.rpm	SHA-256: 5353afaee381ab8f57fdf4fd699cbbb66b697e05aee0836beed8af2d5be5b9f2
zziplib-devel-0.13.62-11.el7.ppc64.rpm	SHA-256: 3be7cb0af1d42418d6595a941ab7846780fed77bf85ed500d70673238fb0c616
zziplib-utils-0.13.62-11.el7.ppc64.rpm	SHA-256: 2d9f092feeae1d32c234225e62135810879cd9789b1d30bf60890a8dfeda5f1c

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
zziplib-0.13.62-11.el7.src.rpm	SHA-256: 684c29ceabd43c58bfd478f59ee3660c50b5e9151a7eb0745d34ab68f9d46cae
x86_64
zziplib-0.13.62-11.el7.i686.rpm	SHA-256: 84668abe5fa808318462f930b9a71c4b062ca953a25cb9c2c59a6a757054148f
zziplib-0.13.62-11.el7.x86_64.rpm	SHA-256: e56cf30d078ebdd41cc21a4b19a40286659c54b6e5ac3a8d4650572a0e1a1553
zziplib-debuginfo-0.13.62-11.el7.i686.rpm	SHA-256: 3c439810169774857cfbfac676000f07cd38af585c4ee51b89b5223f60794708
zziplib-debuginfo-0.13.62-11.el7.x86_64.rpm	SHA-256: 1dc50481714c11571bb494cb496a3d8cf4b881a3f58821c66a5b6ce0907832bd
zziplib-devel-0.13.62-11.el7.i686.rpm	SHA-256: 68bff0df1758a9a244c660850fc536b549717c42c1233d12b9aecaa12616d8e6
zziplib-devel-0.13.62-11.el7.x86_64.rpm	SHA-256: f61ccb741b95e5a5ce4958ae983dcbc65ca27b98eb3e248795dd43b9cd60f534
zziplib-utils-0.13.62-11.el7.x86_64.rpm	SHA-256: 44c681d7a71b9fdd6b972a717b24d531f8070b72e6d0b32d90c0f63efb998db5

Red Hat Enterprise Linux for Power, little endian 7

SRPM
zziplib-0.13.62-11.el7.src.rpm	SHA-256: 684c29ceabd43c58bfd478f59ee3660c50b5e9151a7eb0745d34ab68f9d46cae
ppc64le
zziplib-0.13.62-11.el7.ppc64le.rpm	SHA-256: 58226038465c79fea0f6a9b982729036392a0e7369ffd2b9e55fe6ce91a028fa
zziplib-debuginfo-0.13.62-11.el7.ppc64le.rpm	SHA-256: af9284fe1788f0150ee31fb24c2d51a615e120456ab1b51d6ffa03202b09a21e
zziplib-debuginfo-0.13.62-11.el7.ppc64le.rpm	SHA-256: af9284fe1788f0150ee31fb24c2d51a615e120456ab1b51d6ffa03202b09a21e
zziplib-devel-0.13.62-11.el7.ppc64le.rpm	SHA-256: c6bdbc7949b86b31a624293f57243ae319e8de0131f02760c86779628627c890
zziplib-utils-0.13.62-11.el7.ppc64le.rpm	SHA-256: 625af7fabb918daee6aecf48f2a4c48f713a85ef71f92be053cda4cf25972582

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories