Advisories » MGASA-2024-0019

Updated zlib packages fix a security vulnerability

Publication date: 30 Jan 2024
Modification date: 30 Jan 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2014-9485

Description

Updated zlib packages fix a security vulnerability:

Directory traversal vulnerability in the do_extract_currentfile
function in miniunz.c in miniunzip in minizip before 1.1-5 might
allow remote attackers to write to arbitrary files via a crafted
entry in a ZIP archive.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32785
• https://www.openwall.com/lists/oss-security/2024/01/24/10
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9485

SRPMS

9/core

• zlib-1.2.13-1.2.mga9