[SECURITY] [DLA 2858-1] libzip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2858-1] libzip security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 27 Dec 2021 23:46:16 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2112272344260.26878@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2858-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
December 28, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libzip
Version        : 1.1.2-1.1+deb9u1
CVE ID         : CVE-2017-14107

An issue has been found in libzip, a library for reading, creating, andmodifying zip archives.Crafted ZIP archives could allow remote attackers to cause denial ofservice due to memorey allocation failure by mishandling EOCD records.



For Debian 9 stretch, this problem has been fixed in version
1.1.2-1.1+deb9u1.

We recommend that you upgrade your libzip packages.

For the detailed security status of libzip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libzip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmHKUEhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcklRAAmpWTaz7aW9nd58yJ7SVpZMpFaaCcHcs9KgCpKCwDmoZF8ih1DLPVHN5p
i4dBWZ3Hu4YGiNOSliAANJbXkCkab13CJ1aHb5HuQwOh5tG360YV+/NHiKyHQoBH
xTmwJWeoGxZP6FdrRD4LTwxvCMB7eVukOrBxBHE+wvcEbv/Z1DwhvvQm8ft/TVuY
jJjauajQPh5RvzrXcZAK27rxCaJErt8CCghlISZ3unXORL0b8Lv0ug+TdjZsf6JL
W2JMmBPlJfYNJ5j6sQktd4qs1dOHiDoZFfAtrdgsHuHoQPmTUZgxs5CbO3a6/VgY
Q1kfMz+aQrkwxeZ7h7PCLdFzxIue3yCOOSzfpaZhCNZsejC1FW5Ksz9DMALxHtiB
d5w7tR1AMGrQpW1Re5e3AUQUh9UymZNUBBJlt1W4uXBfFZ+x7uybOEB1oC7/r2tZ
cirFIRTD7BQ4HEHB0CxDoUViuSFDbF0JAmCoMLFUn/iVCALnWtVrn9JRuIy9dSMn
AMgmF+PZH9wC5IY4darjDzBHhYpm8ufRsUGwjEzU2Tg3EotZn9p9QzmLENNnkAp/
TcXj7f2Y+a0y74ZjCIcBdPojwYXQxlsbN4kSirDfpwfYG0KEkWY/3Ae0L1eJtiiz
XXW1T+DzIxYInhJCxHrOB4jZ6CYXRcUu+XJ2A7/CZ9yW9feYLgQ=
=fh3l
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2859-1] zziplib security update
Next by Date: [SECURITY] [DLA 2853-1] ruby2.3 security update
Previous by thread: [SECURITY] [DLA 2859-1] zziplib security update
Next by thread: [SECURITY] [DLA 2853-1] ruby2.3 security update
Index(es):
- Date
- Thread