Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Fedora 24: 2016-80a2fba8aa Critical: Unzip Buffer Overflow Fix

fedora
Calendar Grey December 16, 2016
Dist Fedora Esm H88
An update for unzip in Fedora 24 resolves CVE-2016-9844. Use dnf to install the patch and safeguard against potential buffer overflow vulnerabilities.
Security fix for CVE-2016-9844

Summary

The unzip utility is used to list, test, or extract files from a zip

archive. Zip archives are commonly found on MS-DOS systems. The zip

utility, included in the zip package, creates zip archives. Zip and

unzip are both compatible with archives created by PKWARE(R)'s PKZIP

for MS-DOS, but the programs' options and default behaviors do differ

in some respects.

Install the unzip package if you need to list, test or extract files from

a zip archive.

Update Information:

Security fix for CVE-2016-9844

Change Log

References


[ 1 ] Bug #1404283 - CVE-2016-9844 unzip: methbuf[] buffer overflow in zipinfo's zi_short() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404283

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade unzip' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: unzip
Product: Fedora 24
Version: 6.0
Release: 31.fc24
URL:
Summary: A utility for unpacking zip files

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.