7845 moderate openSUSE Leap 42.3 Update This update for zziplib to 0.13.67 contains multiple bug and security fixes: - If an extension block is too small to hold an extension, do not use the information therein. - CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096) - CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701) - CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497) This update was imported from the SUSE:SLE-12:Update update project. libzzip-0-13-0.13.67-13.3.1.i586.rpm libzzip-0-13-32bit-0.13.67-13.3.1.x86_64.rpm libzzip-0-13-debuginfo-0.13.67-13.3.1.i586.rpm libzzip-0-13-debuginfo-32bit-0.13.67-13.3.1.x86_64.rpm zziplib-0.13.67-13.3.1.src.rpm zziplib-debugsource-0.13.67-13.3.1.i586.rpm zziplib-devel-0.13.67-13.3.1.i586.rpm zziplib-devel-32bit-0.13.67-13.3.1.x86_64.rpm zziplib-devel-debuginfo-0.13.67-13.3.1.i586.rpm zziplib-devel-debuginfo-32bit-0.13.67-13.3.1.x86_64.rpm libzzip-0-13-0.13.67-13.3.1.x86_64.rpm libzzip-0-13-debuginfo-0.13.67-13.3.1.x86_64.rpm zziplib-debugsource-0.13.67-13.3.1.x86_64.rpm zziplib-devel-0.13.67-13.3.1.x86_64.rpm zziplib-devel-debuginfo-0.13.67-13.3.1.x86_64.rpm