You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa zziplib

Sigurnosni nedostaci programskog paketa zziplib

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3320-1
June 15, 2017

zziplib vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

zziplib could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– zziplib: library providing read access on ZIP-archives

Details:

Agostino Sarubbo discovered that zziplib incorrectly handled certain
malformed ZIP files. If a user or automated system were tricked into
opening a specially crafted ZIP file, a remote attacker could cause zziplib
to crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
libzzip-0-13 0.13.62-3ubuntu0.17.04.1

Ubuntu 16.10:
libzzip-0-13 0.13.62-3ubuntu0.16.10.1

Ubuntu 16.04 LTS:
libzzip-0-13 0.13.62-3ubuntu0.16.04.1

Ubuntu 14.04 LTS:
libzzip-0-13 0.13.62-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3320-1
CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978,
CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

Package Information:
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-2ubuntu0.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZQqcBAAoJEGVp2FWnRL6TT/sP/3FoblfanKGn1MD/Hug6YX5i
pvIDq/0cVfrkRsfKFOh+5etESyOXE1b0lTYlIjQ2KTbF6kA3ZljjwTTBGuODlU6t
XCpTq8ZlvF3Jj9O71PpPzUk6gCIsknRS0qgWUptf/QJb6COiURDfUSUOUnDCXU11
UlyxABMcYnwvyBdPHhgLPaGwfeAxlZv1lF0d1mbinqegqff516ZzfWwx1pZy0kvl
uSMfJ8OINCMXg/F1wYiM9ps8/DSohrK38e7qcXwYsqIILyDGKYdCGaWUgsNxOGMK
ro040+oPpcMHXsFDQOY57RPST1OQEt4Kx7+Oyfs69Fjrt04ItLgPMWNeGkZ6lhny
CJIFPst1xr/hwYGRo3a2sBKjU7BrBBjophAhsz0G7m4BI/9pXP+6XnhKL/K7ZZan
KW11rDnltOVjnE18abQ3n2kT83d4ymJSsELAPTH7ab+YCM7bxRY7XDC9TiZvMTue
QFuSq2S174eovn/X1PyekXxOjH2eez3aU2MJ7R6J/czWNL5rfc7GHA29jA9Y+3X3
noWImIhSgVcSUPK0wWOxHPZ5BBHCZj/m41cX6+3ICkNi9F2iRdkdza9LFVjWC5X/
ku2bhvEaGW6bM/io/pVXcHxSnjQ/OAqa/nXEscDniOWAeqn6LZodnJoz1XqjT4tB
UrnKEAqq03Z+BVp1ve2F
=/iwI
—–END PGP SIGNATURE—–

AutorVlatka Misic
Cert idNCERT-REF-2017-06-0097-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libmwaw

Otkriven je sigurnosni nedostatak u programskoj biblioteci libmwaw za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanjem...

Close