Linux Security
    Linux Security
    Linux Security

    Debian: DSA-3386-1: unzip security update

    Date 31 Oct 2015
    257
    Posted By LinuxSecurity Advisories
    Two vulnerabilities have been found in unzip, a de-archiver for .zip files. The Common Vulnerabilities and Exposures project identifies the following problems:
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3386-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                 Laszlo Boszormenyi (GCS)
    October 31, 2015                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : unzip
    CVE ID         : CVE-2015-7696 CVE-2015-7697
    Debian Bug     : 802160 802162
    
    Two vulnerabilities have been found in unzip, a de-archiver for .zip
    files. The Common Vulnerabilities and Exposures project identifies the
    following problems:
    
    CVE-2015-7696
    
        Gustavo Grieco discovered that unzip incorrectly handled certain
        password protected archives. If a user or automated system were
        tricked into processing a specially crafted zip archive, an attacker
        could possibly execute arbitrary code.
    
    CVE-2015-7697
    
        Gustavo Grieco discovered that unzip incorrectly handled certain
        malformed archives. If a user or automated system were tricked into
        processing a specially crafted zip archive, an attacker could
        possibly cause unzip to hang, resulting in a denial of service.
    
    For the oldstable distribution (wheezy), these problems have been fixed
    in version 6.0-8+deb7u4.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 6.0-16+deb8u1.
    
    For the testing distribution (stretch), these problems have been fixed
    in version 6.0-19.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 6.0-19.
    
    We recommend that you upgrade your unzip packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    No results found.

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.