• 龙8-long8

    
    中文-Chinese 英语-English
    服务支持

    龙8-long8提供厂商一站式服务,让客户无后顾之忧,助客户聚焦核心业务

    安全公告-关于openEuler系统的zziplib的更新

    简介

    An update for zziplib is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4

    严重级别

    High

    主题

    An update for zziplib is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4.

    openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

    描述

    The zziplib is a lightweight library to easily extract data from zip files. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools.

    Security Fix(es):

    A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.(CVE-2024-39134)

    影响组件

    Zziplib

    CVE

    CVE-2024-39134

    参考链接

    https://nvd.nist.gov/vuln/detail/CVE-2024-39134

    后续改善计划

    龙8-long8计算机会持续跟进该漏洞的最新动态,请关注龙8-long8计算机官网、官微公告有任何关于此漏洞修复的问题,可以通过以下方式联系我们:

    龙8-long8计算机售后咨询热线:4008-870-872

    龙8-long8PSIRT邮箱:psirt@powerleadercom.cn

    龙8-long8计算机官网:https://www.powerleadercom.cn