Issued:
2021-11-09
Updated:
2021-11-09

RHSA-2021:4316 - Security Advisory

Synopsis

Low: zziplib security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for zziplib is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

  • zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file() (CVE-2020-18442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 1973826 - CVE-2020-18442 zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file()

Red Hat Enterprise Linux for x86_64 8

SRPM
zziplib-0.13.68-9.el8.src.rpm SHA-256: 02ab89fa216669558693a0f0b50d42d5eaf4fc40631bfc01aedecd9d70eb36f8
x86_64
zziplib-0.13.68-9.el8.i686.rpm SHA-256: 2f9e7c143ed8583e61017a9c9a401f36b5af134ede66478b53f1c3764b671118
zziplib-0.13.68-9.el8.x86_64.rpm SHA-256: 47cd26da8923927c44a7c93a0d92186d3179449b80c4ced7e579efdd60047e49
zziplib-debuginfo-0.13.68-9.el8.i686.rpm SHA-256: ca611360fb93a6611c32e4051a338dfb092e64a9d023a57dd53a634fe12c7bfa
zziplib-debuginfo-0.13.68-9.el8.x86_64.rpm SHA-256: b8dcb8607c54f75a4bb01d00ca590c16f358b966de1a7ab8dfc9281e0b1d23e9
zziplib-debugsource-0.13.68-9.el8.i686.rpm SHA-256: 04527026cbdccc3d639dd0f2787e020a33e840db605505a615a9bc29743f9edd
zziplib-debugsource-0.13.68-9.el8.x86_64.rpm SHA-256: 8b2db44552c5bbae2d69dedca0c5fe39b8e7490f0dbd6b18e2428f99b41e32ff
zziplib-utils-0.13.68-9.el8.x86_64.rpm SHA-256: e2388f1d8be52c3023712d37713490696c542b674e597aea60c4b249b0ccbfef
zziplib-utils-debuginfo-0.13.68-9.el8.i686.rpm SHA-256: a55227ebbc4f32216ed5b1939a1170b1cf5ac62186ee7643ccfc06339287caf0
zziplib-utils-debuginfo-0.13.68-9.el8.x86_64.rpm SHA-256: 9640bda01b90a85213e8a6a947e859b6f4eb5716c12f0222d6425efdb05c94e4

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
zziplib-0.13.68-9.el8.src.rpm SHA-256: 02ab89fa216669558693a0f0b50d42d5eaf4fc40631bfc01aedecd9d70eb36f8
s390x
zziplib-0.13.68-9.el8.s390x.rpm SHA-256: 0796c86ef976d873e52f61e0f0cd3d24687ba070b6b50138011a9d957dc4bd5e
zziplib-debuginfo-0.13.68-9.el8.s390x.rpm SHA-256: a24bfa69dd35c701d27daa2fca89f3af4b9bc3d43b21087f13b55bfea20d6ac4
zziplib-debugsource-0.13.68-9.el8.s390x.rpm SHA-256: 46f9c1726942db6103e73cd95c7340d0575bed32cd965c10850adfdfe6fe558a
zziplib-utils-0.13.68-9.el8.s390x.rpm SHA-256: aae29b5d00d89c59a2d857ca429b5804e4d8f34eb7c5709c912c65df11c739ff
zziplib-utils-debuginfo-0.13.68-9.el8.s390x.rpm SHA-256: 58c248b002a2b75785d6266697c996a38ad2d8a442a0126327e0de7e0fafdea3

Red Hat Enterprise Linux for Power, little endian 8

SRPM
zziplib-0.13.68-9.el8.src.rpm SHA-256: 02ab89fa216669558693a0f0b50d42d5eaf4fc40631bfc01aedecd9d70eb36f8
ppc64le
zziplib-0.13.68-9.el8.ppc64le.rpm SHA-256: b852c321ab459864759b8738a7f9e9f983a1e49af67419e351ea5d0d9a8ac7d2
zziplib-debuginfo-0.13.68-9.el8.ppc64le.rpm SHA-256: 14c3541039babad926b295ad5fb4f7dcf4df9eedb045a1409b39184faa6ee444
zziplib-debugsource-0.13.68-9.el8.ppc64le.rpm SHA-256: e828a867782571c9739fbc423996d1a1217482eaa6a6e489f570a696e2d2f85a
zziplib-utils-0.13.68-9.el8.ppc64le.rpm SHA-256: 162301745196c56b642ee7866795cc29dd12c7a58ff6b85b5635044277a1e4f1
zziplib-utils-debuginfo-0.13.68-9.el8.ppc64le.rpm SHA-256: 04926383df22bf5b340027e92bb04aa5d493821a3f3d8663f57be1c7115e0c9d

Red Hat Enterprise Linux for ARM 64 8

SRPM
zziplib-0.13.68-9.el8.src.rpm SHA-256: 02ab89fa216669558693a0f0b50d42d5eaf4fc40631bfc01aedecd9d70eb36f8
aarch64
zziplib-0.13.68-9.el8.aarch64.rpm SHA-256: 24cd6ff1687d69a8028e1e699944185edf9476979b951dc7ddb8d307f5d203d1
zziplib-debuginfo-0.13.68-9.el8.aarch64.rpm SHA-256: fb9b19f926c4fa1b906fdf211be4e41e78c7e5d6a90faf20f36055f10cb17c0c
zziplib-debugsource-0.13.68-9.el8.aarch64.rpm SHA-256: 9138558c2aa17fcc749aeb8207c38820ff3bf9e2ff5f46fd5065a024bbb295db
zziplib-utils-0.13.68-9.el8.aarch64.rpm SHA-256: a428051c479edbf5115c6ec6a71717abf021b403ffc47ccc284830b6177596de
zziplib-utils-debuginfo-0.13.68-9.el8.aarch64.rpm SHA-256: b8ea283705aa3b658cd05cc1735f277b7f4241e1eac560482ffa9014ee497955

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
zziplib-debuginfo-0.13.68-9.el8.i686.rpm SHA-256: ca611360fb93a6611c32e4051a338dfb092e64a9d023a57dd53a634fe12c7bfa
zziplib-debuginfo-0.13.68-9.el8.x86_64.rpm SHA-256: b8dcb8607c54f75a4bb01d00ca590c16f358b966de1a7ab8dfc9281e0b1d23e9
zziplib-debugsource-0.13.68-9.el8.i686.rpm SHA-256: 04527026cbdccc3d639dd0f2787e020a33e840db605505a615a9bc29743f9edd
zziplib-debugsource-0.13.68-9.el8.x86_64.rpm SHA-256: 8b2db44552c5bbae2d69dedca0c5fe39b8e7490f0dbd6b18e2428f99b41e32ff
zziplib-devel-0.13.68-9.el8.i686.rpm SHA-256: ab55e5b159213dcff4559427f7111377115bd3ecdd37171e108de3417b4527c6
zziplib-devel-0.13.68-9.el8.x86_64.rpm SHA-256: 537073d64ff63092a1f127fa15beb30541db02106fbd74420b68d2c6542d1fe5
zziplib-utils-debuginfo-0.13.68-9.el8.i686.rpm SHA-256: a55227ebbc4f32216ed5b1939a1170b1cf5ac62186ee7643ccfc06339287caf0
zziplib-utils-debuginfo-0.13.68-9.el8.x86_64.rpm SHA-256: 9640bda01b90a85213e8a6a947e859b6f4eb5716c12f0222d6425efdb05c94e4

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
zziplib-debuginfo-0.13.68-9.el8.ppc64le.rpm SHA-256: 14c3541039babad926b295ad5fb4f7dcf4df9eedb045a1409b39184faa6ee444
zziplib-debugsource-0.13.68-9.el8.ppc64le.rpm SHA-256: e828a867782571c9739fbc423996d1a1217482eaa6a6e489f570a696e2d2f85a
zziplib-devel-0.13.68-9.el8.ppc64le.rpm SHA-256: ba5dfb7b03091d037e5eb59f4f858bbe477cd8e443798ee1146deab9ce4df983
zziplib-utils-debuginfo-0.13.68-9.el8.ppc64le.rpm SHA-256: 04926383df22bf5b340027e92bb04aa5d493821a3f3d8663f57be1c7115e0c9d

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
zziplib-debuginfo-0.13.68-9.el8.aarch64.rpm SHA-256: fb9b19f926c4fa1b906fdf211be4e41e78c7e5d6a90faf20f36055f10cb17c0c
zziplib-debugsource-0.13.68-9.el8.aarch64.rpm SHA-256: 9138558c2aa17fcc749aeb8207c38820ff3bf9e2ff5f46fd5065a024bbb295db
zziplib-devel-0.13.68-9.el8.aarch64.rpm SHA-256: 620a40e8105e355702aee7652bc540c8c3b9eaa2eb5460eb23bcfdea6f2e65e9
zziplib-utils-debuginfo-0.13.68-9.el8.aarch64.rpm SHA-256: b8ea283705aa3b658cd05cc1735f277b7f4241e1eac560482ffa9014ee497955

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
zziplib-debuginfo-0.13.68-9.el8.s390x.rpm SHA-256: a24bfa69dd35c701d27daa2fca89f3af4b9bc3d43b21087f13b55bfea20d6ac4
zziplib-debugsource-0.13.68-9.el8.s390x.rpm SHA-256: 46f9c1726942db6103e73cd95c7340d0575bed32cd965c10850adfdfe6fe558a
zziplib-devel-0.13.68-9.el8.s390x.rpm SHA-256: d1603824d7780a97f3c7ba693b6863b5ace5d73771cff72a2b827e1ebaa08994
zziplib-utils-debuginfo-0.13.68-9.el8.s390x.rpm SHA-256: 58c248b002a2b75785d6266697c996a38ad2d8a442a0126327e0de7e0fafdea3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.