ELSA-2020-1178

ELSA-2020-1178 - zziplib security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2020-04-06

Description

[0.13.62-12]
- Fix a directory traversal bug
- unzip-mem should now strip all '../' prefixes from the archived files
- Resolves: CVE-2018-17828

Related CVEs

CVE-2018-17828

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (aarch64)	zziplib-0.13.62-12.el7.src.rpm	7eee56db02259a05e32f105ed84b2adf	-
	zziplib-0.13.62-12.el7.aarch64.rpm	d58d2c2d4e150ebbc05878ee304642e1	-
	zziplib-devel-0.13.62-12.el7.aarch64.rpm	797b35c2c73957e8d2e00283c1521454	-
	zziplib-utils-0.13.62-12.el7.aarch64.rpm	cb1e1164335877049bb8eb25fe7d1b0c	-
Oracle Linux 7 (x86_64)	zziplib-0.13.62-12.el7.src.rpm	7eee56db02259a05e32f105ed84b2adf	-
	zziplib-0.13.62-12.el7.i686.rpm	29b0dcc862a92332fd51c057a0937f6c	-
	zziplib-0.13.62-12.el7.x86_64.rpm	a57dca06b48fe436a9b95a9765d19846	-
	zziplib-devel-0.13.62-12.el7.i686.rpm	e59e9c9f5b41b1c8f86f5b63e107aaaf	-
	zziplib-devel-0.13.62-12.el7.x86_64.rpm	a000978edd02b05cbd83fb957bd45909	-
	zziplib-utils-0.13.62-12.el7.x86_64.rpm	7a616ddd490a9e77d0692354a55d3578	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team