Security: Buffer overflow in zziplib
Name: Buffer overflow in zziplib
ID: DTSA-56-1
Distribution: Debian Testing
Platforms: Debian testing
Date: Tue, 4 September 2007, 23:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1614
Applications: ZZIPlib

Original message

--------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-56-1 September 4th, 2007
secure-testing-team at lists.alioth.debian.org Nico Golde
http://secure-testing-master.debian.net/
--------------------------------------------------------------------------

Package : zziplib
Vulnerability : buffer overflow
Problem-Scope : remote
Debian-specific: no
CVE ID : CVE-2007-1614

The zziplib library is prone to a stack-based buffer overflow
which might allow remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a long file name.

For the testing distribution (lenny) this is fixed in version
0.12.83-8lenny1

For the unstable distribution (sid) this is fixed in version
0.13.49-0

This upgrade is recommended if you use zziplib
(zziplib-bin, libzzip-0-12, libzzip-dev)

Upgrade Instructions
--------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
