Debian Long Term Support / LTS Security Information / 2020 / Security Information -- DLA-2258-1 zziplib

Debian Security Advisory

DLA-2258-1 zziplib -- LTS security update

Date Reported:

28 Jun 2020

Affected Packages:

zziplib

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726, CVE-2018-16548.

More information:

Several issues have been fixed in zziplib, a library providing read access on ZIP-archives. They are basically all related to invalid memory access and resulting crash or memory leak.

For Debian 8 Jessie, these problems have been fixed in version 0.13.62-3+deb8u2.

We recommend that you upgrade your zziplib packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS