Advisories » MGASA-2024-0289

Updated zziplib packages fix security vulnerability

Publication date: 10 Sep 2024
Modification date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-39134

Description

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows
attackers to cause a denial of service via the
__zzip_fetch_disk_trailer() function at /zzip/zip.c. (CVE-2024-39134)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33527
• https://lists.suse.com/pipermail/sle-security-updates/2024-August/019205.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39134

SRPMS

9/core

• zziplib-0.13.72-2.2.mga9