Updated libzip packages fix security vulnerability
Publication date: 02 Jan 2018Modification date: 02 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-14107
Description
The _zip_read_eocd64 function mishandled EOCD records, which allowed remote
attackers to cause a denial of service (memory allocation failure in
_zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive (CVE-2017-14107).
References
SRPMS
5/core
- libzip-0.11.2-4.1.mga5
6/core
- libzip-1.1.3-1.1.mga6