Fedora 27: libzip Security Update
Summary
libzip is a C library for reading, creating, and modifying zip archives. Files
can be added from data buffers, files, or compressed data copied directly from
other zip archives. Changes made without closing the archive can be reverted.
The API is documented by man pages.
**Version 1.3.0** It contains fixes for two possible security problems. The
problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using
AFL. The changes are: * Support bzip2 compressed zip archives * Improve file
progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). *
CVE-2017-14107: Improve EOCD64 parsing.
[ 1 ] Bug #1484515 - CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1484515
su -c 'dnf upgrade libzip' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
FEDORA-2017-7bd193c0ed 2017-09-30 05:57:53.205860 Product : Fedora 27 Version : 1.3.0 Release : 1.fc27 URL : https://libzip.org/ Summary : C library for reading, creating, and modifying zip archives Description : libzip is a C library for reading, creating, and modifying zip archives. Files can be added from data buffers, files, or compressed data copied directly from other zip archives. Changes made without closing the archive can be reverted. The API is documented by man pages. **Version 1.3.0** It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL. The changes are: * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. [ 1 ] Bug #1484515 - CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1484515 su -c 'dnf upgrade libzip' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References