You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke zziplib

Sigurnosni nedostaci programske biblioteke zziplib

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-3699-1
July 03, 2018

zziplib vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

zziplib could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– zziplib: library providing read access on ZIP-archives – library

Details:

It was discovered that zziplib incorrectly handled certain malformed ZIP
files. If a user or automated system were tricked into opening a specially
crafted ZIP file, a remote attacker could cause zziplib to crash, resulting
in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libzzip-0-13 0.13.62-3.1ubuntu0.18.04.1

Ubuntu 17.10:
libzzip-0-13 0.13.62-3.1ubuntu0.17.10.1

Ubuntu 16.04 LTS:
libzzip-0-13 0.13.62-3ubuntu0.16.04.2

Ubuntu 14.04 LTS:
libzzip-0-13 0.13.62-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3699-1
CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541,
CVE-2018-6869, CVE-2018-7725, CVE-2018-7726

Package Information:
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3.1ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3.1ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-2ubuntu0.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAls7e8sACgkQZWnYVadE
vpNy3w/+It9G4VmH3CMNOrxjcxnSHbbtoP8NNWYD2X5KhLOsIAioMg/k3HCHtwyB
/b26lydwa+bBOVb+/+Mu3UOc96cuy55SIAJNe2NzC5TTvhPZEvOzAmnV5enyJbef
bAP5qiNra7OA0/8oqyNYfVnJIjCjBuHW9creTNlrG8xU4fntnSxARFpxTbN/KgZS
ETRMv6Xt+5G2dxSnEI32RqG7gTn7paOVdSkuzYXGK9MbvnMuQrGFpPrHXM/gfV10
smPj8E2dZ/FctaO/dIIcMzmcBa3JA/AFtbVp9PbD65IrHB8YumejR7/EyaIG9KSm
JoxFHRZd12fIRqWFjCrDv2sR8HKidylcNgUgtCLPu36zJKr98WPS3mEPAB+42eN9
ToLytZWpZLrUcBNDRkTBssMN4rjsoiYzOkBKF6p+tfBBAbPf8KluiMPA4Ze3D1Rh
6nlpGV0ozVuMjiQouolqbDmGwn3PFtxxC5wuJK21EcoYw6lB+flUaxynpgR27Qpm
N+8n2fYPSLepr2cEim+uJPxUNNEHaPHbb4dfK65ajryDw04aOYYk97AtWJdziJEe
8ISNjgXp+1Xg2LuDtcqsq5k+RmPBlKxceKu0KwJvL5FzhbY1lPRY6K2CR4Lq+3KI
y5/1LKKs6u01ntqc84vwDKGRFEpqvbkFckU1Ds7r3yMSSfWkcUI=
=shrI
—–END PGP SIGNATURE—–

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci više verzija jezgri operacijskog sustava Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, otkrivanje osjetljivih...

Close