Overview

File _patchinfo of Package patchinfo.4426

<patchinfo incident="4426">
  <issue id="1024517" tracker="bnc">VUL-1: CVE-2017-5974: zziplib: heap-based buffer overflow in __zzip_get32 (fetch.c)</issue>
  <issue id="1024528" tracker="bnc">VUL-1: CVE-2017-5975: zziplib: heap-based buffer overflow in __zzip_get64 (fetch.c)</issue>
  <issue id="1024531" tracker="bnc">VUL-1: CVE-2017-5976: zziplib: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c)</issue>
  <issue id="1024532" tracker="bnc">VUL-1: zziplib: NULL pointer dereference in main (unzzipcat-mem.c)</issue>
  <issue id="1024533" tracker="bnc">VUL-1: CVE-2017-5978: zziplib: out of bounds read in zzip_mem_entry_new (memdisk.c)</issue>
  <issue id="1024534" tracker="bnc">VUL-1: CVE-2017-5977: zziplib: invalid memory read in zzip_mem_entry_extra_block (memdisk.c)</issue>
  <issue id="1024535" tracker="bnc">VUL-1: CVE-2017-5979: zziplib: NULL pointer dereference in prescan_entry (fseeko.c)</issue>
  <issue id="1024536" tracker="bnc">VUL-1: CVE-2017-5980: zziplib: NULL pointer dereference in zzip_mem_entry_new (memdisk.c)</issue>
  <issue id="1024537" tracker="bnc">VUL-1: zziplib: NULL pointer dereference in main (unzzipcat.c)</issue>
  <issue id="1024539" tracker="bnc">VUL-1: CVE-2017-5981: zziplib: assertion failure in seeko.c</issue>
  <issue id="2017-5974" tracker="cve" />
  <issue id="2017-5975" tracker="cve" />
  <issue id="2017-5976" tracker="cve" />
  <issue id="2017-5977" tracker="cve" />
  <issue id="2017-5978" tracker="cve" />
  <issue id="2017-5979" tracker="cve" />
  <issue id="2017-5980" tracker="cve" />
  <issue id="2017-5981" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jmoellers</packager>
  <description>
This update for zziplib fixes the following issues:

Secuirty issues fixed:
- CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517)
- CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528)
- CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531)
- CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534)
- CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533)
- CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535)
- CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536)
- CVE-2017-5981: assertion failure in seeko.c (bsc#1024539)
- NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532)
- NULL pointer dereference in main (unzzipcat.c) (bsc#1024537)
</description>
  <summary>Security update for zziplib</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places