[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1505-1] zutils security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : zutils
Version        : 1.3-4+deb8u1
CVE ID         : CVE-2018-1000637
Debian Bug     : 902936


zutils version prior to version 1.8-pre2 contains a buffer
overflow vulnerability in zcat which happened with some
input files when the '-v, --show-nonprinting' option was
used (or indirectly enabled). This can result in potential
denial of service or arbitrary code execution. This attack
appear is exploitable via the victim openning a crafted
compressed file and has been fixed in 1.8-pre2.

For Debian 8 "Jessie", this problem has been fixed in
version 1.3-4+deb8u1.

We recommend that you upgrade your zutils packages.

Further information about Debian LTS security advisories,
how to apply these updates to your system and frequently
asked questions can be found at: https://wiki.debian.org/LTS

Regards,
Daniel
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAludevoACgkQVc8b+Yar
ucdJwg/+NgbIKXk6fi6eNLstTM9S2AC1Y/aRAzVpARxXoNr8jIILG7XLHcIeEoDn
LT2YIZn1CKPd6b2Ek+St7DQ7xRuWgyh1yrkcC6MpFO26JtO2Av63hEF2CnfyaO6f
WG84Y+sNmTmD4jBUwDaKHar3Se0UYzb+G95uY4wtGPis+7JanhMml8wP5vaPHu9c
Vsvf7m5l4bUvdE9WKqdlK66qPQQr+T7eGc67jHAcy2YGMsu2aaYcax4OWnpoYcZ5
t/uGwh0sd3sehOad5e42dLdQdVjd3ZEi1bR2fhAweUNxyCz6YeB7XRyJE9/MNVoK
DPtOFQPiekr6MA65yti0jjEyQwzVvnrNT7OiWWPIJ/kdyJ6KbJ/GAiapVnlAvVnF
BjVUKTd2MPdV2nNfrXWDPHCxSbtPfOAjyf1AHgosFdTYJ+8JuJdARJAPYKaC4KEK
QaWynlC/QNB11v6cODHQfX3gj03UvxAaIwHLNIwNebX71VqXgULSZ7wQvwJY+7fZ
V58xyBAiFPtBeJaSb40lhVeOVvVOlS8N8X92iNPmikcPAKvrseYds+kZKWt6rPqd
HsRWPjGbZn2LCBXgs/+f7vJDJ5XvWGEz/9ilc6EuNav8lxX67WWN92o+w1b14QCK
NSwXtkhfPnChoyPXqgEHmSqnqycrl8Xb4/Bl0G4on4R8EmDBQOs=
=JeFl
-----END PGP SIGNATURE-----


Reply to: