FEDORA-2017-840db88351

security update in Fedora 26 for libzip

Status: stable 2 years ago

Version 1.3.0

It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL.

The changes are:

  • Support bzip2 compressed zip archives
  • Improve file progress callback code
  • Fix zip_fdopen()
  • CVE-2017-12858: Fix double free().
  • CVE-2017-14107: Improve EOCD64 parsing.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-840db88351

Comments 7

This update has been submitted for testing by remi.

This update has been pushed to testing.

No regressions noted in dependent applications.

karma: +1

works

karma: +1

works for me

karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +3
  stable threshold: 3
  unstable threshold: -3
Autopush: Enabled
Dates:
  submitted 2 years ago
  in testing 2 years ago
  in stable 2 years ago

Related Bugs 1

#1484515 CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
