The zziplib library is prone to a stack-based buffer overflow
which might allow remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a long file name.
CVE-2007-1614
Stack-based buffer overflow in the zzip_open_shared_io function
in zzip/file.c in ZZIPlib Library before 0.13.49 allows
user-assisted remote attackers to cause a denial of service
(application crash) or execute arbitrary code via a long
filename.
For the testing distribution (lenny), this is fixed in version 0.12.83-8lenny1.
For the unstable distribution (sid), this is fixed in version 0.13.49-0.
This upgrade is recommended if you use zziplib.
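To check whether a host still carries an unfixed zziplib build, the following added example (not part of the original advisory) compares installed versions against the fixed versions stated above. The function names are hypothetical, and it assumes a dpkg recent enough to support the source:Package and source:Version fields.

```shell
#!/bin/sh
# Added example, not from the advisory. Fixed versions are the ones the
# advisory states; function names are hypothetical.
FIXED_LENNY='0.12.83-8lenny1'   # testing (lenny)
FIXED_SID='0.13.49-0'           # unstable (sid)

# zzip_fixed SUITE VERSION
# Returns 0 if VERSION is at or above the fixed version for SUITE,
# 1 if it is older, 2 if SUITE is not one the advisory covers.
zzip_fixed() {
    case "$1" in
        lenny|testing) fixed=$FIXED_LENNY ;;
        sid|unstable)  fixed=$FIXED_SID ;;
        *) echo "unknown suite: $1" >&2; return 2 ;;
    esac
    # dpkg applies Debian version ordering (epoch, upstream, revision).
    dpkg --compare-versions "$2" ge "$fixed"
}

# zzip_installed
# Prints "binary-package source-version" for every fully installed
# package built from the zziplib source package.
zzip_installed() {
    dpkg-query -W \
        -f='${Package} ${source:Package} ${source:Version} ${db:Status-Abbrev}\n' |
        awk '$2 == "zziplib" && $4 ~ /^ii/ { print $1, $3 }'
}

# zzip_report SUITE
# Lists each installed zziplib package as FIXED or VULNERABLE.
# Returns 1 if any package is older than the fix for SUITE.
zzip_report() {
    rc=0
    list=$(zzip_installed)
    [ -n "$list" ] || { echo "no packages built from zziplib installed"; return 0; }
    while read -r pkg ver; do
        if zzip_fixed "$1" "$ver"; then
            echo "FIXED       $pkg $ver"
        else
            echo "VULNERABLE  $pkg $ver (CVE-2007-1614)"
            rc=1
        fi
    done <<EOF
$list
EOF
    return $rc
}
```

Run zzip_report lenny or zzip_report sid on the host; a non-zero exit status means at least one installed package predates the fix.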
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get upgrade
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free