Debian-Testing alert DTSA-56-1 (zziplib)

From:  Nico Golde <nion@debian.org>
To:  secure-testing-announce@lists.alioth.debian.org
Subject:  [SECURITY] [DTSA-56-1] New zziplib packages fix buffer overflow
Date:  Tue, 4 Sep 2007 22:58:11 +0200
Message-ID:  <20070904205810.GA14648@ngolde.de>

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-56-1               September 4th, 2007
secure-testing-team at lists.alioth.debian.org                    Nico Golde
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------

Package        : zziplib
Vulnerability  : buffer overflow
Problem-Scope  : remote
Debian-specific: no
CVE ID         : CVE-2007-1614

The zziplib library is prone to a stack-based buffer overflow which might
allow remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a long file name.

For the testing distribution (lenny) this is fixed in version
0.12.83-8lenny1

For the unstable distribution (sid) this is fixed in version
0.13.49-0

This upgrade is recommended if you use zziplib (zziplib-bin, libzzip-0-12,
libzzip-dev).

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to your
/etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/

_______________________________________________
secure-testing-announce mailing list
secure-testing-announce@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-te...


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds