{ "schema_version": "1.6.2", "id": "MGASA-2017-0163", "published": "2017-06-09T23:05:58Z", "modified": "2017-06-09T22:51:19Z", "summary": "Updated zziplib packages fix security vulnerability", "details": "Heap-based buffer overflow in __zzip_get32 in fetch.c (CVE-2017-5974).\n\nHeap-based buffer overflow in __zzip_get64 in fetch.c (CVE-2017-5975).\n\nHeap-based buffer overflow in zzip_mem_entry_extra_block in memdisk.c\n(CVE-2017-5976).\n\nInvalid memory read in zzip_mem_entry_extra_block in memdisk.c\n(CVE-2017-5977).\n\nOut of bounds read in zzip_mem_entry_new in memdisk.c (CVE-2017-5978).\n\nNULL pointer dereference in prescan_entry in fseeko.c (CVE-2017-5979).\n\nNULL pointer dereference in zzip_mem_entry_new in memdisk.c\n(CVE-2017-5980).\n\nAssertion failure in seeko.c (CVE-2017-5981).\n\nNULL pointer dereference in main in unzzipcat-mem.c (bsc#1024532).\n\nNULL pointer dereference in main in unzzipcat.c (bsc#1024537).\n", "related": [ "CVE-2017-5974", "CVE-2017-5975", "CVE-2017-5976", "CVE-2017-5977", "CVE-2017-5978", "CVE-2017-5979", "CVE-2017-5980", "CVE-2017-5981" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2017-0163.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=20285" }, { "type": "REPORT", "url": "https://lists.opensuse.org/opensuse-updates/2017-05/msg00025.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "zziplib", "purl": "pkg:rpm/mageia/zziplib?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.13.62-5.1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }