Bug 44856 - zziplib: Multiple issues (4.2)
zziplib: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-3-errata
Assigned To: Philipp Hahn
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-26 14:25 CEST by Arvid Requate
Modified: 2018-05-08 14:56 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-06-26 14:25:50 CEST
Debian package version 0.13.62-3+deb8u1 fixes these issues:

* Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. (CVE-2017-5974)
* Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. (CVE-2017-5975)
* Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. (CVE-2017-5976)
* The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. (CVE-2017-5978)
* The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. (CVE-2017-5979)
* The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. (CVE-2017-5980)
* seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. (CVE-2017-5981)
Comment 1 Philipp Hahn univentionstaff 2018-01-25 10:59:34 CET
Mass-import from Debian-Security:
  python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553

YAML: git:bd6159834a..449aa5a7cf
Comment 2 Quality Assurance univentionstaff 2018-05-04 16:58:07 CEST
--- mirror/ftp/4.2/unmaintained/4.2-0/source/zziplib_0.13.62-3.dsc
+++ apt/ucs_4.2-0-errata4.2-3/source/zziplib_0.13.62-3+deb8u1.dsc
@@ -1,3 +1,8 @@
+0.13.62-3+deb8u1 [Fri, 09 Jun 2017 21:07:55 +0200] Moritz Muehlenhoff <jmm@debian.org>:
+
+  * CVE-2017-5981 CVE-2017-5980 CVE-2017-5979 CVE-2017-5978 CVE-2017-5976
+    CVE-2017-5975 CVE-2017-5974
+
 0.13.62-3 [Sun, 24 Aug 2014 22:20:40 -0400] Scott Howard <showard@debian.org>:
 
   * debian/rules: Lintian error cleaning pkg-config-bad-directive
Comment 3 Arvid Requate univentionstaff 2018-05-08 12:23:21 CEST
* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory adjusted:
  b151aa6613 | Sort CVEs
Comment 4 Arvid Requate univentionstaff 2018-05-08 14:56:25 CEST
<http://errata.software-univention.de/ucs/4.2/367.html>