4 matches found
Fedora 26 : poco (2018-7349a7723e)
Security fix for CVE-2017-1000472 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
[SECURITY] [DSA 4083-1] poco security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4083-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 11, 2018 https://www.debian.org/security/faq -...
CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
CVE-2017-1000472
POCO C++ Libraries prior to 1.8 contain a ZIP path-validation flaw in ZipCommon::isValidPath() that can allow absolute path traversal during ZIP decompression, potentially enabling creation or overwriting of arbitrary files via a crafted ZIP file. Reports across multiple distributions (Debian, Fe...