Debian 10209 Published by

A zlib security update has been released for Debian GNU/Linux 7 Extended LTS to address a directory traversal security vulnerability.



ELA-222-1 zlib security update

Package zlib
Version 1:1.2.7.dfsg-13+deb7u2
Related CVE CVE-2014-9485
Jakub Wilk discovered that miniunzip in zlib-bin was affected by a directory traversal security vulnerability. An attacker could use this flaw to extract the contents of a specially crafted zip file to arbitrary locations.

For Debian 7 Wheezy, these problems have been fixed in version 1:1.2.7.dfsg-13+deb7u2.

We recommend that you upgrade your zlib packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-222-1 zlib security update