stable

libzip-1.3.0-1.fc26

FEDORA-2017-840db88351 created by remi 7 years ago for Fedora 26

Version 1.3.0

It contains fixes for two possible security problems. The problems were identified by Brian 'geeknik' Carpenter and Agostino Sarubbo using AFL.

The changes are:

  • Support bzip2 compressed zip archives
  • Improve file progress callback code
  • Fix zip_fdopen()
  • CVE-2017-12858: Fix double free().
  • CVE-2017-14107: Improve EOCD64 parsing.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-840db88351

This update has been submitted for testing by remi.

7 years ago

This update has been pushed to testing.

7 years ago
User Icon dhgutteridge commented & provided feedback 7 years ago
karma

No regressions noted in dependent applications.

User Icon lnie commented & provided feedback 7 years ago
karma

works

User Icon cserpentis commented & provided feedback 7 years ago
karma

works for me

This update has been submitted for stable by bodhi.

7 years ago

This update has been pushed to stable.

7 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
BZ#1484515 CVE-2017-12858 libzip: Double free in _zip_dirent_read function in zip_dirent.c [fedora-all]
0
0

Automated Test Results