Twenty Year Anniversary

Debian Security Advisory 4083-1

Debian Security Advisory 4083-1
Posted Jan 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4083-1 - Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2017-1000472
MD5 | a45b8d30d6ca7026bed1a8599319f4b9

Debian Security Advisory 4083-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4083-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
January 11, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : poco
CVE ID : CVE-2017-1000472

Stephan Zeisberg discovered that poco, a collection of open source C++
class libraries, did not correctly validate file paths in ZIP
archives. An attacker could leverage this flaw to create or overwrite
arbitrary files.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.3.6p1-5+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.7.6+dfsg1-5+deb9u1.

We recommend that you upgrade your poco packages.

For the detailed security status of poco please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/poco

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlpXJZkACgkQEL6Jg/PV
nWQSAAgAyZdKxW5ach7bfDAW9JiPHMAMW5Z32DFgmcEqfmYhFbTa9I3nF6yABjiJ
QTF2eSwmPDua6QzozOI4OGAFfO0aJ4DH70pEuj1B0Ea5CItiMeZXXFiquL6sdjud
OJTt1Iwh5eKRW0iOenQw24QU4Zd6r254MpIYtppdHfVYF45/E08KcTh78yTEpB5a
XR4L23oVQOonytc0GASV/mogfce5bPRMvaGMONQo3d66Dfe5grFFUfO9yrhT47G1
r3eIsMvPWHp6tiCToiZ4nc2/z+o8rp/oBP+y9imvHrZXpsdEjl9DOM0miBrqmzZ6
NOSk3Dywnxm+JPwxJNNf/fm7zbYALw==
=cZI8
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    2 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    15 Files
  • 18
    Dec 18th
    9 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close