FEDORA-2017-840db88351

security update in Fedora 26 for libzip

Status: stable 2 years ago

Version 1.3.0

It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL.

The changes are:

  • Support bzip2 compressed zip archives
  • Improve file progress callback code
  • Fix zip_fdopen()
  • CVE-2017-12858: Fix double free().
  • CVE-2017-14107: Improve EOCD64 parsing.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-840db88351

Comments 7

This update has been submitted for testing by remi.

This update has been pushed to testing.

No regressions noted in dependent applications.

karma: +1

works

karma: +1

works for me

karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +3
  stable threshold: 3
  unstable threshold: -3
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
  submitted 2 years ago
  in testing 2 years ago
  in stable 2 years ago

Related Bugs 1

#1484515 CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
