Updated zziplib packages fix security vulnerability
Publication date: 09 Jun 2017Modification date: 09 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5974 , CVE-2017-5975 , CVE-2017-5976 , CVE-2017-5977 , CVE-2017-5978 , CVE-2017-5979 , CVE-2017-5980 , CVE-2017-5981
Description
Heap-based buffer overflow in __zzip_get32 in fetch.c (CVE-2017-5974). Heap-based buffer overflow in __zzip_get64 in fetch.c (CVE-2017-5975). Heap-based buffer overflow in zzip_mem_entry_extra_block in memdisk.c (CVE-2017-5976). Invalid memory read in zzip_mem_entry_extra_block in memdisk.c (CVE-2017-5977). Out of bounds read in zzip_mem_entry_new in memdisk.c (CVE-2017-5978). NULL pointer dereference in prescan_entry in fseeko.c (CVE-2017-5979). NULL pointer dereference in zzip_mem_entry_new in memdisk.c (CVE-2017-5980). Assertion failure in seeko.c (CVE-2017-5981). NULL pointer dereference in main in unzzipcat-mem.c (bsc#1024532). NULL pointer dereference in main in unzzipcat.c (bsc#1024537).
References
- https://bugs.mageia.org/show_bug.cgi?id=20285
- https://lists.opensuse.org/opensuse-updates/2017-05/msg00025.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5977
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5980
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
SRPMS
5/core
- zziplib-0.13.62-5.1.mga5