You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke zziplib

Sigurnosni nedostaci programske biblioteke zziplib

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2018-07-31 18:00:51.599950

Name : zziplib
Product : Fedora 28
Version : 0.13.69
Release : 1.fc28
Summary : Lightweight library to easily extract data from zip files
Description :
The zziplib library is intentionally lightweight, it offers the ability to
easily extract data from files archived in a single zip file. Applications
can bundle files into a single zip archive and access them. The implementation
is based only on the (free) subset of compression with the zlib algorithm
which is actually used by the zip/unzip tools.

Update Information:

Update zziplib to 0.13.69 version, fixes all known CVEs for the package.

* Mon Jul 23 2018 Alexander Bokovoy <> – 0.13.69-1
– Update to 0.13.69 release
– Fixes: #1598246 (CVE-2018-6541)
– Fixes: #1554673 (CVE-2018-7727)
– Use versioned python executables everywhere
* Sat Jul 14 2018 Fedora Release Engineering <> – 0.13.68-3
– Rebuilt for
* Sun Mar 18 2018 Iryna Shcherbina <> – 0.13.68-2
– Update Python 2 dependency declarations to new packaging standards

[ 1 ] Bug #1422517 – CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 zziplib: various flaws [fedora-all]
[ 2 ] Bug #1554673 – CVE-2018-7726 CVE-2018-7727 zziplib: various flaws [fedora-all]
[ 3 ] Bug #1598246 – CVE-2018-6541 zziplib: bus error caused by loading of a misaligned address inzzip/zip.c [fedora-all]

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-237e9b550c’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-08-0001-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa python-cryptography

Otkriven je sigurnosni nedostatak u programskom paketu python-cryptography za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....