Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 674
    • Issues 674
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 166
    • Merge Requests 166
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

Gitlab has been upgraded to v13.9 🎉. Enjoy

  • alpine
  • aportsaports
  • Issues
  • #9332

Closed
Open
Opened Aug 23, 2018 by Alicha CH@alichaReporter

[3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637)

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential
denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted
compressed file. This vulnerability appears to have been fixed in 1.8-pre2.

References:

https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1000637
http://openwall.com/lists/oss-security/2018/08/22/2

(from redmine: issue id 9332, created on 2018-08-23, closed on 2018-08-27)

  • Relations:
    • copied_to #9331 (closed)
    • parent #9331 (closed)
  • Changesets:
    • Revision d031b70d by Natanael Copa on 2018-08-23T12:48:48Z:
community/zutils: security fix (CVE-2018-1000637)

fixes #9332
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
3.9.0
Milestone
3.9.0 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#9332