Advisories » MGASA-2017-0163

Updated zziplib packages fix security vulnerability

Publication date: 09 Jun 2017
Modification date: 09 Jun 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

Description

Heap-based buffer overflow in __zzip_get32 in fetch.c (CVE-2017-5974).

Heap-based buffer overflow in __zzip_get64 in fetch.c (CVE-2017-5975).

Heap-based buffer overflow in zzip_mem_entry_extra_block in memdisk.c
(CVE-2017-5976).

Invalid memory read in zzip_mem_entry_extra_block in memdisk.c
(CVE-2017-5977).

Out of bounds read in zzip_mem_entry_new in memdisk.c (CVE-2017-5978).

NULL pointer dereference in prescan_entry in fseeko.c (CVE-2017-5979).

NULL pointer dereference in zzip_mem_entry_new in memdisk.c
(CVE-2017-5980).

Assertion failure in seeko.c (CVE-2017-5981).

NULL pointer dereference in main in unzzipcat-mem.c (bsc#1024532).

NULL pointer dereference in main in unzzipcat.c (bsc#1024537).
                

SRPMS

5/core