Univention Bugzilla – Bug 44856
zziplib: Multiple issues (4.2)
Last modified: 2018-05-08 14:56:25 CEST
Debian package version 0.13.62-3+deb8u1 fixes these issues:
* Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. (CVE-2017-5974)
* Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. (CVE-2017-5975)
* Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. (CVE-2017-5976)
* The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. (CVE-2017-5978)
* The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. (CVE-2017-5979)
* The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. (CVE-2017-5980)
* seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. (CVE-2017-5981)
Mass-import from Debian-Security:
python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553
YAML: git:bd6159834a..449aa5a7cf
--- mirror/ftp/4.2/unmaintained/4.2-0/source/zziplib_0.13.62-3.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/zziplib_0.13.62-3+deb8u1.dsc @@ -1,3 +1,8 @@ +0.13.62-3+deb8u1 [Fri, 09 Jun 2017 21:07:55 +0200] Moritz Muehlenhoff <jmm@debian.org>: + + * CVE-2017-5981 CVE-2017-5980 CVE-2017-5979 CVE-2017-5978 CVE-2017-5976 + CVE-2017-5975 CVE-2017-5974 + 0.13.62-3 [Sun, 24 Aug 2014 22:20:40 -0400] Scott Howard <showard@debian.org>: * debian/rules: Lintian error cleaning pkg-config-bad-directive
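Review bot: the new changelog stanza (+0.13.62-3+deb8u1 ... +CVE-2017-5975 CVE-2017-5974) lists seven CVE ids only, with no per-fix description and in descending order, so a reader cannot map the stanza to the changed files or functions and the order does not match the sorted advisory. Suggest one line per fix naming the file and function from the advisory text, in ascending CVE order, e.g. "* fetch.c: heap overflow in __zzip_get32 (CVE-2017-5974)" / "* fetch.c: heap overflow in __zzip_get64 (CVE-2017-5975)" / "* memdisk.c: heap overflow in zzip_mem_entry_extra_block (CVE-2017-5976)".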
* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update ok
* Advisory adjusted: b151aa6613 | Sort CVEs
<http://errata.software-univention.de/ucs/4.2/367.html>