[SECURITY] [DTSA-56-1] New zziplib packages fix buffer overflow
- Subject: [SECURITY] [DTSA-56-1] New zziplib packages fix buffer overflow
- From: nion at debian.org (Nico Golde)
- Date: Tue, 4 Sep 2007 22:58:11 +0200
- Message-id: <20070904205810.GA14648@ngolde.de>
--------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-56-1 September 4th, 2007
secure-testing-team at lists.alioth.debian.org Nico Golde
http://secure-testing-master.debian.net/
--------------------------------------------------------------------------
Package : zziplib
Vulnerability : buffer overflow
Problem-Scope : remote
Debian-specific: no
CVE ID : CVE-2007-1614
The zziplib library is prone to a stack-based buffer overflow
which might allow remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a long file name.
For the testing distribution (lenny) this is fixed in version
0.12.83-8lenny1
For the unstable distribution (sid) this is fixed in version
0.13.49-0
This upgrade is recommended if you use zziplib
(zziplib-bin, libzzip-0-12, libzzip-dev)
Upgrade Instructions
--------------------
To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
To install the update, run this command as root:
apt-get update && apt-get upgrade
For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/