
SUSE-SU-2017:1095-1

Published: 24 Apr 2017
Source: suse-cvrf

Description

Security update for zziplib

This update for zziplib fixes the following issues:

Security issues fixed:

  • CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517)
  • CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528)
  • CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531)
  • CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534)
  • CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533)
  • CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535)
  • CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536)
  • CVE-2017-5981: assertion failure in seeko.c (bsc#1024539)
  • NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532)
  • NULL pointer dereference in main (unzzipcat.c) (bsc#1024537)

Package list

SUSE Linux Enterprise Desktop 12 SP1
libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2
libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libzzip-0-13-0.13.62-9.1
zziplib-devel-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libzzip-0-13-0.13.62-9.1
zziplib-devel-0.13.62-9.1
SUSE Linux Enterprise Workstation Extension 12 SP1
libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Workstation Extension 12 SP2
libzzip-0-13-0.13.62-9.1

Description

Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1


Description

Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1


Description

Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1


Description

The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1


Description

The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1


Description

The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1


Description

The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1


Description

seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Desktop 12 SP2:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libzzip-0-13-0.13.62-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:zziplib-devel-0.13.62-9.1
