Security update for libzip
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2015:0615-1
Final
1
1
2015-03-20T09:31:30Z
current
2015-03-20T09:31:30Z
2015-03-20T09:31:30Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for libzip
Libzip was updated to fix one security issue.
A zip file with an unusually large number of entries could have caused an integer overflow leading to a write past the heap boundary, crashing the application. (CVE-2015-2331, bnc#923240)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html
E-Mail link for openSUSE-SU-2015:0615-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
libzip-0.11.2-3.8.1
libzip-devel-0.11.2-3.8.1
libzip2-0.11.2-3.8.1
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
CVE-2015-2331
moderate
Please install the update.
https://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html
https://www.suse.com/security/cve/CVE-2015-2331.html
CVE-2015-2331
https://bugzilla.suse.com/922894
SUSE Bug 922894
https://bugzilla.suse.com/923240
SUSE Bug 923240