
Fedora Core 2 FEDORA-2004-399 Moderate: Zip Buffer Overflow Threat

November 8, 2004
Fedora's urgent update tackles buffer overflow vulnerabilities in the zip utility, addressing critical security flaws. Users must upgrade to safeguard data and ensure system integrity.
A buffer overflow has been found in zip. It is triggered when a user tries to create a zip archive that contains very long filenames.

Summary

The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP (a compression and file packaging utility for MS-DOS systems).

Install the zip package if you need to compress files using the zip program.

Update Information:

A buffer overflow has been found in zip. It is triggered when a user tries to create a zip archive that contains very long filenames.

See:

* Mon Nov 08 2004 Lon Hohberger <lhh@redhat.com> 2.3-26.2

- Fix buffer overflow. #138230

* Mon Jun 21 2004 Lon Hohberger <lhh@redhat.com> 2.3-24

- Extend max file/archive size to 2^32-8193 (4294959103) bytes
- Include better debugging output for configure script

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt


This update can be downloaded from:


c8e36306afa17246d2caeabc498cbc62  SRPMS/zip-2.3-26.2.src.rpm
cd999c652e0d51a7fb349b2867a83662  x86_64/zip-2.3-26.2.x86_64.rpm
7f76d52b21459d5945075e0e6780ff2a  x86_64/debug/zip-debuginfo-2.3-26.2.x86_64.rpm
c50729dab4fb95168a9897397b08e55a  i386/zip-2.3-26.2.i386.rpm
0a9e2a3140181810fcde221d74f6e121  i386/debug/zip-debuginfo-2.3-26.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.




Fedora Update Notification FEDORA-2004-399 2004-11-08
Product     : Fedora Core 2
Name        : zip
Version     : 2.3
Release     : 26.2
Summary     : A file compression and packaging utility compatible with PKZIP.
Description :
The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP (a compression and file packaging utility for MS-DOS systems).

Install the zip package if you need to compress files using the zip program.

