What Are You Looking For?

Sign Up

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3152-1                   security@debian.org
https://www.debian.org/security/                      Salvatore Bonaccorso
February 03, 2015                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unzip
CVE ID         : CVE-2014-9636
Debian Bug     : 776589

A flaw was found in the test_compr_eb() function allowing out-of-bounds
read and write access to memory locations. By carefully crafting a
corrupt ZIP archive an attacker can trigger a heap overflow, resulting
in application crash or possibly having other unspecified impact.

For the stable distribution (wheezy), this problem has been fixed in
version 6.0-8+deb7u2. Additionally this update corrects a defective
patch applied to address CVE-2014-8139, which caused a regression with
executable jar files.

For the unstable distribution (sid), this problem has been fixed in
version 6.0-15. The defective patch applied to address CVE-2014-8139 was
corrected in version 6.0-16.

We recommend that you upgrade your unzip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-3152-1: unzip security update

February 3, 2015
A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations

Summary

For the stable distribution (wheezy), this problem has been fixed in
version 6.0-8+deb7u2. Additionally this update corrects a defective
patch applied to address CVE-2014-8139, which caused a regression with
executable jar files.

For the unstable distribution (sid), this problem has been fixed in
version 6.0-15. The defective patch applied to address CVE-2014-8139 was
corrected in version 6.0-16.

We recommend that you upgrade your unzip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
A flaw was found in the test_compr_eb() function allowing out-of-bounds
read and write access to memory locations. By carefully crafting a
corrupt ZIP archive an attacker can trigger a heap overflow, resulting
in application crash or possibly having other unspecified impact.

Related News

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Nov 8, 2023

Severe Chromium DoS, Info Disclosure Vulns Fixed

Oct 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo