Long Range ZIP: Multiple vulnerabilities — GLSA 202005-01

Multiple vulnerabilities have been found in Long Range ZIP, the worst of which could result in a Denial of Service condition.

Affected packages

Background

Optimized for compressing large files

Description

Multiple vulnerabilities have been discovered in Long Range ZIP. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted archive file possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/lrzip-0.631_p20190619"
 

References

• CVE-2017-8842
• CVE-2017-8843
• CVE-2017-8844
• CVE-2017-8845
• CVE-2017-8846
• CVE-2017-8847
• CVE-2017-9928
• CVE-2017-9929

Release date
May 12, 2020

Latest revision
May 12, 2020: 1

Severity
low

Exploitable
local, remote

Bugzilla entries

• 617930
• 624462