openSUSE Security Update : zziplib (openSUSE-2017-554)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for zziplib fixes the following issues :

Security issues fixed :

- CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517)

- CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528)

- CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531)

- CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534)

- CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533)

- CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535)

- CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536)

- CVE-2017-5981: assertion failure in seeko.c (bsc#1024539)

- NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532)

- NULL pointer dereference in main (unzzipcat.c) (bsc#1024537)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1024517
https://bugzilla.opensuse.org/show_bug.cgi?id=1024528
https://bugzilla.opensuse.org/show_bug.cgi?id=1024531
https://bugzilla.opensuse.org/show_bug.cgi?id=1024532
https://bugzilla.opensuse.org/show_bug.cgi?id=1024533
https://bugzilla.opensuse.org/show_bug.cgi?id=1024534
https://bugzilla.opensuse.org/show_bug.cgi?id=1024535
https://bugzilla.opensuse.org/show_bug.cgi?id=1024536
https://bugzilla.opensuse.org/show_bug.cgi?id=1024537
https://bugzilla.opensuse.org/show_bug.cgi?id=1024539

Solution :

Update the affected zziplib packages.

Risk factor :

Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 100038

Bugtraq ID:

CVE ID: CVE-2017-5974
CVE-2017-5975
CVE-2017-5976
CVE-2017-5977
CVE-2017-5978
CVE-2017-5979
CVE-2017-5980
CVE-2017-5981
