[SECURITY] [DLA 994-1] zziplib security update
Package        : zziplib
Version        : 0.13.56-1.1+deb7u1
CVE ID         : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978
                 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981

CVE-2017-5974

    Heap-based buffer overflow in the __zzip_get32 function in fetch.c
    in zziplib allows remote attackers to cause a denial of service
    (crash) via a crafted ZIP file.

CVE-2017-5975

    Heap-based buffer overflow in the __zzip_get64 function in fetch.c
    in zziplib allows remote attackers to cause a denial of service
    (crash) via a crafted ZIP file.

CVE-2017-5976

    Heap-based buffer overflow in the zzip_mem_entry_extra_block
    function in memdisk.c in zziplib allows remote attackers to cause
    a denial of service (crash) via a crafted ZIP file.

CVE-2017-5978

    The zzip_mem_entry_new function in memdisk.c in zziplib allows
    remote attackers to cause a denial of service (out-of-bounds
    read and crash) via a crafted ZIP file.

CVE-2017-5979

    The prescan_entry function in fseeko.c in zziplib allows remote
    attackers to cause a denial of service (NULL pointer dereference
    and crash) via a crafted ZIP file.

CVE-2017-5980

    The zzip_mem_entry_new function in memdisk.c in zziplib allows
    remote attackers to cause a denial of service (NULL pointer
    dereference and crash) via a crafted ZIP file.

CVE-2017-5981

    seeko.c in zziplib allows remote attackers to cause a denial of
    service (assertion failure and crash) via a crafted ZIP file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.13.56-1.1+deb7u1.

We recommend that you upgrade your zziplib packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS