Overview Repositories Revisions Requests Users Attributes Meta
Security update for zziplib

This update for zziplib fixes the following issues:

Secuirty issues fixed:

- CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517)
- CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528)
- CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531)
- CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534)
- CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533)
- CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535)
- CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536)
- CVE-2017-5981: assertion failure in seeko.c (bsc#1024539)
- NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532)
- NULL pointer dereference in main (unzzipcat.c) (bsc#1024537)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1024517
VUL-1: CVE-2017-5974: zziplib: heap-based buffer overflow in __zzip_get32 (fetch.c)
bnc#1024528
VUL-1: CVE-2017-5975: zziplib: heap-based buffer overflow in __zzip_get64 (fetch.c)
bnc#1024531
VUL-1: CVE-2017-5976: zziplib: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c)
bnc#1024532
VUL-1: zziplib: NULL pointer dereference in main (unzzipcat-mem.c)
bnc#1024533
VUL-1: CVE-2017-5978: zziplib: out of bounds read in zzip_mem_entry_new (memdisk.c)
bnc#1024534
VUL-1: CVE-2017-5977: zziplib: invalid memory read in zzip_mem_entry_extra_block (memdisk.c)
bnc#1024535
VUL-1: CVE-2017-5979: zziplib: NULL pointer dereference in prescan_entry (fseeko.c)
bnc#1024536
VUL-1: CVE-2017-5980: zziplib: NULL pointer dereference in zzip_mem_entry_new (memdisk.c)
bnc#1024537
VUL-1: zziplib: NULL pointer dereference in main (unzzipcat.c)
bnc#1024539
VUL-1: CVE-2017-5981: zziplib: assertion failure in seeko.c
CVE-2017-5974
CVE-2017-5975
CVE-2017-5976
CVE-2017-5977
CVE-2017-5978
CVE-2017-5979
CVE-2017-5980
CVE-2017-5981
Selected Binaries
openSUSE Build Service is sponsored by
Places