FS#57147 : [zziplib] [Security] denial of service (CVE-2017-5980)

FS#57147 - [zziplib] [Security] denial of service (CVE-2017-5980)

Attached to Project: Arch Linux
Opened by Levente Polyak (anthraxx) - Thursday, 18 January 2018, 23:09 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Tuesday, 13 February 2018, 10:08 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Sven-Hendrik Haase (Svenstaro)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package zziplib is vulnerable to denial of service via CVE-2017-5980.

Guidance
========

Unfortunately no fix seems to be available so far, find github issue below for tracking progress.

References
==========

https://security.archlinux.org/AVG-591
http://www.openwall.com/lists/oss-security/2017/02/14/3
https://blogs.gentoo.org/ago/2017/02/09/zziplib-load-of-misaligned-address-in-memdisk-c/
https://github.com/gdraheim/zziplib/issues/4

This task depends upon

Closed by Sven-Hendrik Haase (Svenstaro)
Tuesday, 13 February 2018, 10:08 GMT
Reason for closing: Fixed

Comment by Sven-Hendrik Haase (Svenstaro) - Tuesday, 13 February 2018, 10:08 GMT

This is fixed in the current release.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#57147 - [zziplib] [Security] denial of service (CVE-2017-5980)

Details

Loading...