- ------------------------------------------------------------------------- Debian LTS Advisory DLA-2858-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz December 28, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : libzip Version : 1.1.2-1.1+deb9u1 CVE ID : CVE-2017-14107 An issue has been found in libzip, a library for reading, creating, and modifying zip archives. Crafted ZIP archives could allow remote attackers to cause denial of service due to memorey allocation failure by mishandling EOCD records. For Debian 9 stretch, this problem has been fixed in version 1.1.2-1.1+deb9u1. We recommend that you upgrade your libzip packages. For the detailed security status of libzip please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libzip Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS