Support / Security / Advisories / Corporate Server 4.0 / MDKSA-2007:093

Package name: zziplib
Date: 2007-04-23
Advisory ID: MDKSA-2007:093
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

A stack-based buffer overflow in the ZZIPlib library could allow
user-assisted remote attackers to cause an application crash (DoS)
or execute arbitrary code via a long filename.

Updated packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 91e3feceacc5f9fd7629525d1be8b951  corporate/4.0/x86_64/zziplib0-0.13.33-4.1.20060mlcs4.x86_64.rpm
 641b79b72b74306264f8cc40b89ecf68  corporate/4.0/x86_64/zziplib0-devel-0.13.33-4.1.20060mlcs4.x86_64.rpm 
 c17957866cab01574723960484e792a9  corporate/4.0/SRPMS/zziplib-0.13.33-4.1.20060mlcs4.src.rpm

CS4.0 i586

 a0ac9e92d0beee7726739000791e6748  corporate/4.0/i586/zziplib0-0.13.33-4.1.20060mlcs4.i586.rpm
 1518189e431ccd97aa491a4591de80d6  corporate/4.0/i586/zziplib0-devel-0.13.33-4.1.20060mlcs4.i586.rpm 
 c17957866cab01574723960484e792a9  corporate/4.0/SRPMS/zziplib-0.13.33-4.1.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1614