Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:2546-1

Опубликовано: 21 сент. 2017
Источник: suse-cvrf

Описание

Security update for libzip

This update for libzip fixes one issues.

This security issue was fixed:

  • CVE-2017-14107: The _zip_read_eocd64 function mishandled EOCD records, which allowed remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive (bsc#1056996).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Desktop 12 SP3
libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Server 12 SP2
libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Server 12 SP3
libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libzip-devel-0.11.1-13.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libzip-devel-0.11.1-13.3.1

Ссылки

Описание

The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Desktop 12 SP3:libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Server 12 SP2:libzip2-0.11.1-13.3.1
SUSE Linux Enterprise Server 12 SP3:libzip2-0.11.1-13.3.1
Ссылки