
[SECURITY] [DTSA-56-1] New zziplib packages fix buffer overflow

--------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-56-1               September 4th, 2007
secure-testing-team at lists.alioth.debian.org                    Nico Golde
--------------------------------------------------------------------------

Package        : zziplib
Vulnerability  : buffer overflow
Problem-Scope  : remote
Debian-specific: no
CVE ID         : CVE-2007-1614

The zziplib library is prone to a stack-based buffer overflow
which might allow remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a long file name.

For the testing distribution (lenny) this is fixed in version

For the unstable distribution (sid) this is fixed in version

This upgrade is recommended if you use zziplib
(zziplib-bin, libzzip-0-12, libzzip-dev).

Upgrade Instructions
--------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
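
A check for the sources.list step above, as an added example that is not part of the advisory: it reports which of the two security-archive entries are missing, commented out or lacking a component in a given file. The function names are illustrative, and entries carrying bracketed APT options are not handled.

```sh
#!/bin/sh
# Added example, not part of the advisory.
# Assumption: has_entry and missing_entries are illustrative names.
# Usage: missing_entries /etc/apt/sources.list

# has_entry FILE TYPE
# Succeeds if FILE holds an active (uncommented) entry of TYPE ("deb" or
# "deb-src") for security.debian.org testing/updates that lists all three
# components named in the advisory: main, contrib and non-free.
has_entry() {
    awk -v type="$2" '
        /^[ \t]*#/ { next }    # commented-out entries do not count
        $1 == type && $2 ~ /^http:\/\/security\.debian\.org\/?$/ && $3 == "testing/updates" {
            m = 0; c = 0; n = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "main")     m = 1
                if ($i == "contrib")  c = 1
                if ($i == "non-free") n = 1
            }
            if (m && c && n) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# missing_entries FILE
# Prints the entry types that are absent or incomplete, one per line.
# Prints nothing when both entries are present.
missing_entries() {
    for t in deb deb-src; do
        has_entry "$1" "$t" || echo "$t"
    done
}
```
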
