
[SECURITY] [DLA 994-1] zziplib security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : zziplib
Version        : 0.13.56-1.1+deb7u1
CVE ID         : CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978
                 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981

CVE-2017-5974
     Heap-based buffer overflow in the __zzip_get32 function in fetch.c
     in zziplib allows remote attackers to cause a denial of service
     (crash) via a crafted ZIP file.

CVE-2017-5975
     Heap-based buffer overflow in the __zzip_get64 function in fetch.c
     in zziplib allows remote attackers to cause a denial of service
     (crash) via a crafted ZIP file.

CVE-2017-5976
     Heap-based buffer overflow in the zzip_mem_entry_extra_block
     function in memdisk.c in zziplib allows remote attackers to cause
     a denial of service (crash) via a crafted ZIP file.

CVE-2017-5978
     The zzip_mem_entry_new function in memdisk.c in zziplib allows
     remote attackers to cause a denial of service (out-of-bounds
     read and crash) via a crafted ZIP file.

CVE-2017-5979
     The prescan_entry function in fseeko.c in zziplib allows remote
     attackers to cause a denial of service (NULL pointer dereference
     and crash) via a crafted ZIP file.

CVE-2017-5980
     The zzip_mem_entry_new function in memdisk.c in zziplib allows
     remote attackers to cause a denial of service (NULL pointer
     dereference and crash) via a crafted ZIP file.

CVE-2017-5981
     fseeko.c (given as "seeko.c" in the CVE description) in zziplib
     allows remote attackers to cause a denial of service (assertion
     failure and crash) via a crafted ZIP file.
For Debian 7 "Wheezy", these problems have been fixed in version
0.13.56-1.1+deb7u1.

We recommend that you upgrade your zziplib packages.
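The first thing a practitioner wants after reading this advisory is a check of whether the installed package is at or past the fixed version. The script below is an added example written for this page; it is not part of the advisory, of the zziplib project or of Debian's tooling. It reimplements the dpkg version-ordering rules (Debian Policy section 5.6.12, the algorithm behind `dpkg --compare-versions`) so the comparison runs on any host, and where `dpkg-query` exists it reads the installed version from the package database. The fixed version 0.13.56-1.1+deb7u1 comes from the advisory; the binary package name libzzip-0-13 is an assumption (the shared-library package built from the zziplib source), as are the sample version strings used in the comments.

```python
"""Check an installed Debian package version against the version DLA 994-1
names as fixed on Debian 7 "Wheezy".

Added example, not part of the advisory or of Debian's tooling.  Reimplements
the dpkg version ordering (Debian Policy 5.6.12) so it runs off-host; on a
Debian system `dpkg --compare-versions` is the authoritative implementation.
"""
import shutil
import subprocess

FIXED_VERSION = "0.13.56-1.1+deb7u1"   # from the advisory
PACKAGE = "libzzip-0-13"               # assumed binary package name


def _is_digit(c):
    return "0" <= c <= "9"


def _order(c):
    """Weight of a character in a non-digit run, as in dpkg's order():
    end of string is 0, '~' sorts before everything (even the end),
    ASCII letters sort by code point, any other byte sorts after letters."""
    if c == "" or _is_digit(c):
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _fragment_compare(a, b):
    """dpkg verrevcmp: alternate non-digit runs (ordered by _order) and
    digit runs (compared numerically with leading zeros dropped)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # non-digit run: stop at the first differing weight
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return -1 if ac < bc else 1
            i += 1
            j += 1
        # digit run: longer number wins, else first differing digit
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and _is_digit(a[i]) and _is_digit(b[j]):
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _is_digit(a[i]):
            return 1
        if j < len(b) and _is_digit(b[j]):
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0


def _split(version):
    """Split [epoch:]upstream[-revision]; the revision follows the LAST '-'."""
    epoch, rest = 0, version
    if ":" in rest:
        e, rest = rest.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                      # no hyphen at all: everything is upstream
        upstream, revision = revision, ""
    return epoch, upstream, revision


def debian_version_compare(a, b):
    """Return -1, 0 or 1 like dpkg: epoch first, then upstream, then revision."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _fragment_compare(ua, ub) or _fragment_compare(ra, rb)


def is_fixed(installed, fixed=FIXED_VERSION):
    """True when the installed version is at or past the advisory's fix."""
    return debian_version_compare(installed, fixed) >= 0


def installed_version(package=PACKAGE):
    """Installed version via dpkg-query, or None when dpkg is unavailable or the
    package is absent / only has leftover config (status not 'installed')."""
    if shutil.which("dpkg-query") is None:
        return None
    res = subprocess.run(["dpkg-query", "-W", "-f", "${Status}\t${Version}", package],
                         capture_output=True, text=True)
    if res.returncode != 0 or "\t" not in res.stdout:
        return None
    status, version = res.stdout.strip().split("\t", 1)
    return version if status.endswith("installed") and version else None


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print(f"{PACKAGE}: not installed, or dpkg-query not available")
    else:
        print(f"{PACKAGE} {v}: {'fixed' if is_fixed(v) else 'VULNERABLE per DLA 994-1'}")
```

Two caveats on using it. Version ordering says nothing about which suite a package came from: a build with a higher version from another release sorts as "fixed" here but is covered by that release's own update, so confirm the origin with `apt-cache policy libzzip-0-13` before trusting the result. And a backport of the fixed package tagged with `~bpo` sorts below the plain version, exactly as dpkg orders it, which is why the comparison must follow the dpkg rules rather than a naive string or tuple compare.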

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
