MGASA-2024-0019 - Updated zlib packages fix a security vulnerability

Publication date: 30 Jan 2024
URL: https://advisories.mageia.org/MGASA-2024-0019.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2014-9485

Updated zlib packages fix a security vulnerability:

Directory traversal vulnerability in the do_extract_currentfile
function in miniunz.c in miniunzip in minizip before 1.1-5 might
allow remote attackers to write to arbitrary files via a crafted
entry in a ZIP archive.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32785
- https://www.openwall.com/lists/oss-security/2024/01/24/10
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9485

SRPMS:
- 9/core/zlib-1.2.13-1.2.mga9

Mageia 2024-0019: zlib security update

Updated zlib packages fix a security vulnerability: Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 migh...

Summary

Updated zlib packages fix a security vulnerability:
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.

References

- https://bugs.mageia.org/show_bug.cgi?id=32785

- https://www.openwall.com/lists/oss-security/2024/01/24/10

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9485

Resolution

MGASA-2024-0019 - Updated zlib packages fix a security vulnerability

SRPMS

- 9/core/zlib-1.2.13-1.2.mga9

Severity
Publication date: 30 Jan 2024
URL: https://advisories.mageia.org/MGASA-2024-0019.html
Type: security
CVE: CVE-2014-9485

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo