ELSA-2025-20478-0

ELSA-2025-20478-0 - zziplib security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-11-25

Description

[0.13.78-2]
- Fix directory traversal in unzip binary
- Disable the CVE tests during the check phase - the reproducers for these are downloaded from the github
- Resolves: RHEL-105822

Related CVEs

CVE-2018-17828

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 10 (aarch64)	zziplib-0.13.78-2.el10.src.rpm	e58ebefc6223f1bd3cbca85c71f22df268db2a9d6338e457a53e1a5dd0b86d55	-	ol10_aarch64_appstream
	zziplib-0.13.78-2.el10.src.rpm	e58ebefc6223f1bd3cbca85c71f22df268db2a9d6338e457a53e1a5dd0b86d55	-	ol10_aarch64_codeready_builder
	zziplib-0.13.78-2.el10.aarch64.rpm	dc0fce0ffed6d97f87513ba0de20b34f69b0989ae84e450a8abf92e01dd4e69a	-	ol10_aarch64_appstream
	zziplib-devel-0.13.78-2.el10.aarch64.rpm	b0ae88704e6f067f7a066d2ad5d9061f55327600bcb1b842f836472dd108bc4f	-	ol10_aarch64_codeready_builder
	zziplib-utils-0.13.78-2.el10.aarch64.rpm	a55a25d61e66d00753a540fd921edd8de9fee26e8b173fbddf838b76c487a625	-	ol10_aarch64_appstream
Oracle Linux 10 (x86_64)	zziplib-0.13.78-2.el10.src.rpm	e58ebefc6223f1bd3cbca85c71f22df268db2a9d6338e457a53e1a5dd0b86d55	-	ol10_x86_64_appstream
	zziplib-0.13.78-2.el10.src.rpm	e58ebefc6223f1bd3cbca85c71f22df268db2a9d6338e457a53e1a5dd0b86d55	-	ol10_x86_64_codeready_builder
	zziplib-0.13.78-2.el10.x86_64.rpm	a0f67f4ad6196bb882785c71ca4f93dbb2556972fd574f80cf442ad2a996af4d	-	ol10_x86_64_appstream
	zziplib-devel-0.13.78-2.el10.x86_64.rpm	f0a242a23e4528185a95e0109cbba194bcca3ed98996a759f3f9d942260a0f61	-	ol10_x86_64_codeready_builder
	zziplib-utils-0.13.78-2.el10.x86_64.rpm	2c77cbf34ca1a0e8ebb45db129321ef04eb8513558ee41eb6d6ef5acfb7ddf59	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team