openSUSE Security Update : zziplib (openSUSE-2017-554)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for zziplib fixes the following issues :

Security issues fixed :

- CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517)

- CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528)

- CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531)

- CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534)

- CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533)

- CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535)

- CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536)

- CVE-2017-5981: assertion failure in seeko.c

- NULL pointer dereference in main (unzzipcat-mem.c)

- NULL pointer dereference in main (unzzipcat.c)

This update was imported from the SUSE:SLE-12:Update update project.

Solution :

Update the affected zziplib packages.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: SuSE Local Security Checks

Nessus Plugin ID: 100038

CVE ID: CVE-2017-5974
