Wind River Support Network

HomeDefectsLIN10-4168

Fixed

LIN10-4168 : Security Advisory - php - CVE-2017-14107

Created: Jun 29, 2018 Updated: Dec 3, 2018

Resolved Date: Jul 10, 2018

Found In Version: 10.17.41.1

Fix Version: 10.17.41.9

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Userspace

Description

The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.

https://nvd.nist.gov/vuln/detail/CVE-2017-14107

Other Downloads

Wind River Linux LTS 10.17.41.9
Wind River Linux LTS 10.17.41.10
Wind River Linux LTS 10.17.41.11
Wind River Linux LTS 10.17.41.12
Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux LTS 10.17.41.23
Wind River Linux LTS 10.17.41.24
Wind River Linux LTS 10.17.41.25
Wind River Linux LTS 10.17.41.26
Wind River Linux LTS 10.17.41.27

CVEs

CVE-2017-14107