Arch Linux: ASA-201501-3 High: Unzip Code Execution Threat

The package unzip before version 6.0-9 is vulnerable to arbitrary code execution and denial of service through multiple heap buffer overflows.

Arch Linux Security Advisory ASA-201501-3
========================================
Severity: High
Date    : 2015-01-10
CVE-ID  : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Package : unzip
Type    : arbitrary code execution
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package unzip before version 6.0-9 is vulnerable to arbitrary code
execution and denial of service through multiple heap buffer overflows.

Resolution
=========
Upgrade to 6.0-9.

# pacman -Syu "unzip>=6.0-9"

The problems have not been fixed upstream but patches were added.

Workaround
=========
None.

Description
==========
- CVE-2014-8139 (heap buffer overflow)
A heap-based buffer overflow exists in the CRC32 verification that
allows attackers to potentially execute arbitrary code or cause a denial
of service (memory corruption).

- CVE-2014-8140 (out-of-bounds read/write)
Out-of-bounds access (both read and write) issues exist in
test_compr_eb() that can result in application crash or arbitrary code
execution.

- CVE-2014-8141 (out-of-bounds read)
Two out-of-bounds read issues exist in getZip64Data() that allows
attackers to cause a denial of service.

Impact
=====
An attacker is able to execute arbitrary code or cause a denial of
service through a specially crafted zip file passed to the command unzip -t.

References
=========
https://ocert.org/advisories/ocert-2014-011.html
https://access.redhat.com/security/cve/CVE-2014-8139
https://access.redhat.com/security/cve/CVE-2014-8140
https://access.redhat.com/security/cve/CVE-2014-8141
https://bugs.archlinux.org/task/43300
https://bugs.archlinux.org/task/43391