drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in ZZIPlib
Name: |
Mehrere Probleme in ZZIPlib |
|
ID: |
USN-3320-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04 |
|
Datum: |
Do, 15. Juni 2017, 23:20 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5978 |
|
Applikationen: |
ZZIPlib |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8311560249606157410== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ Content-Type: multipart/mixed; boundary="rXg552IOsAAkgVpqw0tBOdGkxbrNqLP77"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <b217a6b6-5e4d-6833-2d9e-a312f904f289@canonical.com> Subject: [USN-3320-1] zziplib vulnerabilities
--rXg552IOsAAkgVpqw0tBOdGkxbrNqLP77 Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3320-1 June 15, 2017
zziplib vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
zziplib could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - zziplib: library providing read access on ZIP-archives
Details:
Agostino Sarubbo discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libzzip-0-13 0.13.62-3ubuntu0.17.04.1
Ubuntu 16.10: libzzip-0-13 0.13.62-3ubuntu0.16.10.1
Ubuntu 16.04 LTS: libzzip-0-13 0.13.62-3ubuntu0.16.04.1
Ubuntu 14.04 LTS: libzzip-0-13 0.13.62-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3320-1 CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981
Package Information: https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.16.10.1 https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/zziplib/0.13.62-2ubuntu0.1
--rXg552IOsAAkgVpqw0tBOdGkxbrNqLP77--
--GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZQqcBAAoJEGVp2FWnRL6TT/sP/3FoblfanKGn1MD/Hug6YX5i pvIDq/0cVfrkRsfKFOh+5etESyOXE1b0lTYlIjQ2KTbF6kA3ZljjwTTBGuODlU6t XCpTq8ZlvF3Jj9O71PpPzUk6gCIsknRS0qgWUptf/QJb6COiURDfUSUOUnDCXU11 UlyxABMcYnwvyBdPHhgLPaGwfeAxlZv1lF0d1mbinqegqff516ZzfWwx1pZy0kvl uSMfJ8OINCMXg/F1wYiM9ps8/DSohrK38e7qcXwYsqIILyDGKYdCGaWUgsNxOGMK ro040+oPpcMHXsFDQOY57RPST1OQEt4Kx7+Oyfs69Fjrt04ItLgPMWNeGkZ6lhny CJIFPst1xr/hwYGRo3a2sBKjU7BrBBjophAhsz0G7m4BI/9pXP+6XnhKL/K7ZZan KW11rDnltOVjnE18abQ3n2kT83d4ymJSsELAPTH7ab+YCM7bxRY7XDC9TiZvMTue QFuSq2S174eovn/X1PyekXxOjH2eez3aU2MJ7R6J/czWNL5rfc7GHA29jA9Y+3X3 noWImIhSgVcSUPK0wWOxHPZ5BBHCZj/m41cX6+3ICkNi9F2iRdkdza9LFVjWC5X/ ku2bhvEaGW6bM/io/pVXcHxSnjQ/OAqa/nXEscDniOWAeqn6LZodnJoz1XqjT4tB UrnKEAqq03Z+BVp1ve2F =/iwI -----END PGP SIGNATURE-----
--GqX8WTHDwWPvBx3MLLwW5ARaH7NUeQWwJ--
--===============8311560249606157410== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8311560249606157410==--
|
|
|
|