FEDORA-2017-7bd193c0ed

security update in Fedora 27 for libzip

Status: stable 2 years ago

Version 1.3.0

It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL.

The changes are:

  • Support bzip2 compressed zip archives
  • Improve file progress callback code
  • Fix zip_fdopen()
  • CVE-2017-12858: Fix double free().
  • CVE-2017-14107: Improve EOCD64 parsing.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-7bd193c0ed

Comments 6

This update has been submitted for testing by remi.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for stable by remi.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +1 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 2 years ago; in testing 2 years ago; in stable 2 years ago

Related Bugs 1

#1484515 CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
