Sicherheit: Mehrere Probleme in ZZIPlib

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8311560249606157410==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ
Content-Type: multipart/mixed;
boundary="rXg552IOsAAkgVpqw0tBOdGkxbrNqLP77";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <b217a6b6-5e4d-6833-2d9e-a312f904f289@canonical.com>
Subject: [USN-3320-1] zziplib vulnerabilities

--rXg552IOsAAkgVpqw0tBOdGkxbrNqLP77
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3320-1
June 15, 2017

zziplib vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

zziplib could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- zziplib: library providing read access on ZIP-archives

Details:

Agostino Sarubbo discovered that zziplib incorrectly handled certain
malformed ZIP files. If a user or automated system were tricked into
opening a specially crafted ZIP file, a remote attacker could cause zziplib
to crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
libzzip-0-13 0.13.62-3ubuntu0.17.04.1

Ubuntu 16.10:
libzzip-0-13 0.13.62-3ubuntu0.16.10.1

Ubuntu 16.04 LTS:
libzzip-0-13 0.13.62-3ubuntu0.16.04.1

Ubuntu 14.04 LTS:
libzzip-0-13 0.13.62-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3320-1
CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978,
CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

Package Information:
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-2ubuntu0.1

--rXg552IOsAAkgVpqw0tBOdGkxbrNqLP77--

--GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJZQqcBAAoJEGVp2FWnRL6TT/sP/3FoblfanKGn1MD/Hug6YX5i
pvIDq/0cVfrkRsfKFOh+5etESyOXE1b0lTYlIjQ2KTbF6kA3ZljjwTTBGuODlU6t
XCpTq8ZlvF3Jj9O71PpPzUk6gCIsknRS0qgWUptf/QJb6COiURDfUSUOUnDCXU11
UlyxABMcYnwvyBdPHhgLPaGwfeAxlZv1lF0d1mbinqegqff516ZzfWwx1pZy0kvl
uSMfJ8OINCMXg/F1wYiM9ps8/DSohrK38e7qcXwYsqIILyDGKYdCGaWUgsNxOGMK
ro040+oPpcMHXsFDQOY57RPST1OQEt4Kx7+Oyfs69Fjrt04ItLgPMWNeGkZ6lhny
CJIFPst1xr/hwYGRo3a2sBKjU7BrBBjophAhsz0G7m4BI/9pXP+6XnhKL/K7ZZan
KW11rDnltOVjnE18abQ3n2kT83d4ymJSsELAPTH7ab+YCM7bxRY7XDC9TiZvMTue
QFuSq2S174eovn/X1PyekXxOjH2eez3aU2MJ7R6J/czWNL5rfc7GHA29jA9Y+3X3
noWImIhSgVcSUPK0wWOxHPZ5BBHCZj/m41cX6+3ICkNi9F2iRdkdza9LFVjWC5X/
ku2bhvEaGW6bM/io/pVXcHxSnjQ/OAqa/nXEscDniOWAeqn6LZodnJoz1XqjT4tB
UrnKEAqq03Z+BVp1ve2F
=/iwI
-----END PGP SIGNATURE-----

--GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ--

--===============8311560249606157410==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8311560249606157410==--