Oval Definition:oval:org.opensuse.security:def:78661
Revision Date:2017-04-24Version:1
Title:Security update for zziplib (Moderate)
Description:



This update for zziplib fixes the following issues:

Secuirty issues fixed: - CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517) - CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528) - CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531) - CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534) - CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533) - CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535) - CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536) - CVE-2017-5981: assertion failure in seeko.c (bsc#1024539) - NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532) - NULL pointer dereference in main (unzzipcat.c) (bsc#1024537)
Family:unixClass:patch
Status:Reference(s):1024517
1024528
1024531
1024532
1024533
1024534
1024535
1024536
1024537
1024539
CVE-2017-5974
CVE-2017-5975
CVE-2017-5976
CVE-2017-5977
CVE-2017-5978
CVE-2017-5979
CVE-2017-5980
CVE-2017-5981
SUSE-SU-2017:1095-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND libzzip-0-13-0.13.62-9.1 is installed
    • BACK