[3.6] libzip: Multiple vulnerabilities (CVE-2017-14107, CVE-2017-12858)
CVE-2017-14107: Memory allocation failure in _zip_cdir_grow function
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0
mishandles EOCD records, which allows attackers to cause
a denial of service (memory allocation failure in _zip_cdir_grow in
zip_dirent.c) via a crafted ZIP archive.
Fixed in:
libzip 1.3.0
References:
http://openwall.com/lists/oss-security/2017/09/02/1
Patch:
https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
CVE-2017-12858: Double free in _zip_dirent_read function in zip_dirent.c
Double free vulnerability in the _zip_dirent_read function in
zip_dirent.c in libzip allows attackers to have unspecified impact
via unknown vectors.
Affected version:
libzip 1.2.0
Fixed in:
libzip 1.3.0
References:
http://openwall.com/lists/oss-security/2017/09/02/2
Patch:
https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
(from redmine: issue id 7814, created on 2017-09-11, closed on 2017-10-26)
- Changesets:
- Revision a5d68c47 on 2017-10-25T12:04:24Z:
community/libzip: security fixes (CVE-2017-14107, CVE-2017-12858)
fixes #7814