Issued:: 2025-11-11
Updated:: 2025-11-11

RHSA-2025:20478 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: zziplib security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for zziplib is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for x86_64 10 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes

BZ - 1635888 - CVE-2018-17828 zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c

CVEs

CVE-2018-17828

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 10

SRPM
zziplib-0.13.78-2.el10.src.rpm	SHA-256: cf2e6c179940e963167b06578fcbd1fa73a0d62debe0605518963651fd4e8bf3
x86_64
zziplib-0.13.78-2.el10.x86_64.rpm	SHA-256: 0b30858cdbe27670c94fb15ced9ff0972dc9c378ed27197cb08176f746f526fb
zziplib-debuginfo-0.13.78-2.el10.x86_64.rpm	SHA-256: 8252ac60afdaf097e8b283bef87c51ca06e530ef2c6c9b9859668dea816b2b24
zziplib-debugsource-0.13.78-2.el10.x86_64.rpm	SHA-256: 4f601a2ec1b9ae3d323ff2405d87b76b87d68c5310ba24eb840824bb03ee0de8
zziplib-utils-0.13.78-2.el10.x86_64.rpm	SHA-256: e75508ed0362fbd052e4fa1294e7ac7046b43820b2041b157b26129afef29213
zziplib-utils-debuginfo-0.13.78-2.el10.x86_64.rpm	SHA-256: 4fe5d82ab770cba47e1dde8b337f32e7e67ca8b6ac7059b598f6f39be9f8998e

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
zziplib-0.13.78-2.el10.src.rpm	SHA-256: cf2e6c179940e963167b06578fcbd1fa73a0d62debe0605518963651fd4e8bf3
s390x
zziplib-0.13.78-2.el10.s390x.rpm	SHA-256: c04a8957f752d64b9c841ccd825260d39e99251ca0f3f14f59365bc01ae85dd5
zziplib-debuginfo-0.13.78-2.el10.s390x.rpm	SHA-256: 5a2173e2a4c8fe380250509d3a99b1a27bf730036275d54bfc3883117827ce02
zziplib-debugsource-0.13.78-2.el10.s390x.rpm	SHA-256: 53154895eb3f69555a4ce2cab640745da2818de4d8c831edf39e787dde79d0d2
zziplib-utils-0.13.78-2.el10.s390x.rpm	SHA-256: 501b5bfe985fb133794278a47ff507bf10ad34b64028ded4802903cb7af46d36
zziplib-utils-debuginfo-0.13.78-2.el10.s390x.rpm	SHA-256: 2222e468c0d267ee09a783c2230827c8ce5704802a0d5eee1271502fdfdab38a

Red Hat Enterprise Linux for Power, little endian 10

SRPM
zziplib-0.13.78-2.el10.src.rpm	SHA-256: cf2e6c179940e963167b06578fcbd1fa73a0d62debe0605518963651fd4e8bf3
ppc64le
zziplib-0.13.78-2.el10.ppc64le.rpm	SHA-256: 7a250c107c14b963ffde8ff02935aabdf6e3d8169d4637fbe6b2cc20129d43c2
zziplib-debuginfo-0.13.78-2.el10.ppc64le.rpm	SHA-256: de7d09803fe10378f8c9cb0a83c6f9711ce16aaeb5f8dd84f0ce101383e9ef03
zziplib-debugsource-0.13.78-2.el10.ppc64le.rpm	SHA-256: 2ccfdb176fdf4a3367d705f1d03a0adf48f92d84171c768d3960c6a5d04c104f
zziplib-utils-0.13.78-2.el10.ppc64le.rpm	SHA-256: cc01f17780bafc1e978e4d573615aac6e823160c64747bd1afd5aa7093686e76
zziplib-utils-debuginfo-0.13.78-2.el10.ppc64le.rpm	SHA-256: ebcf1f887cb8890737031d70965be3aa6c7b0fec4f585548f83abf3f23dc37c6

Red Hat Enterprise Linux for ARM 64 10

SRPM
zziplib-0.13.78-2.el10.src.rpm	SHA-256: cf2e6c179940e963167b06578fcbd1fa73a0d62debe0605518963651fd4e8bf3
aarch64
zziplib-0.13.78-2.el10.aarch64.rpm	SHA-256: 5ad857888d914aedef4e7073ab3736acf2baa59c6205f18abcb35121bf10241e
zziplib-debuginfo-0.13.78-2.el10.aarch64.rpm	SHA-256: cc46a87a73ea2b66a77e46edae4171216eb4d94813c296b8bde64be299bbef4b
zziplib-debugsource-0.13.78-2.el10.aarch64.rpm	SHA-256: 51cec460929b6751ed903655c7428877138b0a8709c84074b08f19bc66ccf773
zziplib-utils-0.13.78-2.el10.aarch64.rpm	SHA-256: 926442bb75b1566f935ce5aad05d7b07523d762fa2181e3f30087b019e68bea8
zziplib-utils-debuginfo-0.13.78-2.el10.aarch64.rpm	SHA-256: 096da120f84bbac09840e4763683e6dd8583398559f620a5dcccaf97acad1563

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
zziplib-debuginfo-0.13.78-2.el10.x86_64.rpm	SHA-256: 8252ac60afdaf097e8b283bef87c51ca06e530ef2c6c9b9859668dea816b2b24
zziplib-debugsource-0.13.78-2.el10.x86_64.rpm	SHA-256: 4f601a2ec1b9ae3d323ff2405d87b76b87d68c5310ba24eb840824bb03ee0de8
zziplib-devel-0.13.78-2.el10.x86_64.rpm	SHA-256: 3a3adb077f1ccaa6a29ad21f1ff9f98cb48e2a1bf3c402fd02c80240ed2422b3
zziplib-utils-debuginfo-0.13.78-2.el10.x86_64.rpm	SHA-256: 4fe5d82ab770cba47e1dde8b337f32e7e67ca8b6ac7059b598f6f39be9f8998e

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
zziplib-debuginfo-0.13.78-2.el10.ppc64le.rpm	SHA-256: de7d09803fe10378f8c9cb0a83c6f9711ce16aaeb5f8dd84f0ce101383e9ef03
zziplib-debugsource-0.13.78-2.el10.ppc64le.rpm	SHA-256: 2ccfdb176fdf4a3367d705f1d03a0adf48f92d84171c768d3960c6a5d04c104f
zziplib-devel-0.13.78-2.el10.ppc64le.rpm	SHA-256: a2c60b9e21e5985b5f42cc367b3799447e8231f8faeb85e05ed3fae51ae3a7bb
zziplib-utils-debuginfo-0.13.78-2.el10.ppc64le.rpm	SHA-256: ebcf1f887cb8890737031d70965be3aa6c7b0fec4f585548f83abf3f23dc37c6

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
zziplib-debuginfo-0.13.78-2.el10.aarch64.rpm	SHA-256: cc46a87a73ea2b66a77e46edae4171216eb4d94813c296b8bde64be299bbef4b
zziplib-debugsource-0.13.78-2.el10.aarch64.rpm	SHA-256: 51cec460929b6751ed903655c7428877138b0a8709c84074b08f19bc66ccf773
zziplib-devel-0.13.78-2.el10.aarch64.rpm	SHA-256: b1452fe2d1edb3b36f7608e1ec4b312f732e6552a9d1739423dfac40cf77039b
zziplib-utils-debuginfo-0.13.78-2.el10.aarch64.rpm	SHA-256: 096da120f84bbac09840e4763683e6dd8583398559f620a5dcccaf97acad1563

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
zziplib-debuginfo-0.13.78-2.el10.s390x.rpm	SHA-256: 5a2173e2a4c8fe380250509d3a99b1a27bf730036275d54bfc3883117827ce02
zziplib-debugsource-0.13.78-2.el10.s390x.rpm	SHA-256: 53154895eb3f69555a4ce2cab640745da2818de4d8c831edf39e787dde79d0d2
zziplib-devel-0.13.78-2.el10.s390x.rpm	SHA-256: 5b6fcc782a6a97bd9634f90598e28dc41850989771159598f8bac2ca5901f3c8
zziplib-utils-debuginfo-0.13.78-2.el10.s390x.rpm	SHA-256: 2222e468c0d267ee09a783c2230827c8ce5704802a0d5eee1271502fdfdab38a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation