What is the severity of USN-6298-1?

The severity of USN-6298-1 is classified as a denial of service vulnerability.

How do I fix USN-6298-1?

To fix USN-6298-1, upgrade your ZZIPlib packages to the latest version specified in the advisory.

Which systems are affected by USN-6298-1?

USN-6298-1 affects Ubuntu 20.04, 18.04, and 16.04 with specific versions of libzzip-0-13, libzzip-dev, and zziplib-bin.

What is the risk posed by USN-6298-1?

The risk posed by USN-6298-1 is the potential for denial of service if a specially crafted input file is opened.

Who discovered the vulnerability in USN-6298-1?

The vulnerability in USN-6298-1 was discovered by Liu Zhu and YiMing Liu.

Vulnerability/
USN-6298-1

17/8/2023

USN-6298-1: ZZIPlib vulnerabilities

First published: Thu Aug 17 2023(Updated: )

Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7727) YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-18442)

Affected Software	Affected Version	How to fix
All of
ubuntu/libzzip-0-13	<0.13.62-3.2ubuntu1.1	0.13.62-3.2ubuntu1.1
Ubuntu	=20.04
All of
ubuntu/libzzip-dev	<0.13.62-3.2ubuntu1.1	0.13.62-3.2ubuntu1.1
Ubuntu	=20.04
All of
ubuntu/zziplib-bin	<0.13.62-3.2ubuntu1.1	0.13.62-3.2ubuntu1.1
Ubuntu	=20.04
All of
ubuntu/libzzip-0-13	<0.13.62-3.1ubuntu0.18.04.1+esm1	0.13.62-3.1ubuntu0.18.04.1+esm1
Ubuntu	=18.04
All of
ubuntu/libzzip-dev	<0.13.62-3.1ubuntu0.18.04.1+esm1	0.13.62-3.1ubuntu0.18.04.1+esm1
Ubuntu	=18.04
All of
ubuntu/zziplib-bin	<0.13.62-3.1ubuntu0.18.04.1+esm1	0.13.62-3.1ubuntu0.18.04.1+esm1
Ubuntu	=18.04
All of
ubuntu/libzzip-0-13	<0.13.62-3ubuntu0.16.04.2+esm1	0.13.62-3ubuntu0.16.04.2+esm1
Ubuntu	=16.04
All of
ubuntu/libzzip-dev	<0.13.62-3ubuntu0.16.04.2+esm1	0.13.62-3ubuntu0.16.04.2+esm1
Ubuntu	=16.04
All of
ubuntu/zziplib-bin	<0.13.62-3ubuntu0.16.04.2+esm1	0.13.62-3ubuntu0.16.04.2+esm1
Ubuntu	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-6298-1?
The severity of USN-6298-1 is classified as a denial of service vulnerability.
How do I fix USN-6298-1?
To fix USN-6298-1, upgrade your ZZIPlib packages to the latest version specified in the advisory.
Which systems are affected by USN-6298-1?
USN-6298-1 affects Ubuntu 20.04, 18.04, and 16.04 with specific versions of libzzip-0-13, libzzip-dev, and zziplib-bin.
What is the risk posed by USN-6298-1?
The risk posed by USN-6298-1 is the potential for denial of service if a specially crafted input file is opened.
Who discovered the vulnerability in USN-6298-1?
The vulnerability in USN-6298-1 was discovered by Liu Zhu and YiMing Liu.

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/20.04
version/ubuntu/18.04
version/ubuntu/16.04