Fedora: FEDORA-2004-400 Critical: Zip Buffer Overflow Issue

November 8, 2004
An exploit in zip version 2.3-26.3 for Fedora affects the generation of zip archives. Discover steps to mitigate this issue.
A buffer overflow has been found in zip. It is triggered when a user tries to create a zip archive that contains very long filenames.

Summary

The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP (a compression and file packaging utility for MS-DOS systems).

Install the zip package if you need to compress files using the zip program.

Update Information:

A buffer overflow has been found in zip. It is triggered when a user tries to create a zip archive that contains very long filenames.

See:

November/028379.html

* Mon Nov 08 2004 Lon Hohberger <lhh@redhat.com> 2.3-26.3

- Rebuild for FC-3

* Mon Nov 08 2004 Lon Hohberger <lhh@redhat.com> 2.3-26.2

- Fix buffer overflow. #138230


This update can be downloaded from:


bc2cbf480d0c179477c860b28eed69de SRPMS/zip-2.3-26.3.src.rpm
f838848328a58c46c383b71cbcf3ed76 x86_64/zip-2.3-26.3.x86_64.rpm
87d6165bfdde40a5c74fd8583a338681 x86_64/debug/zip-debuginfo-2.3-26.3.x86_64.rpm
c655032e0d8b15079b1de6ab133f05fe i386/zip-2.3-26.3.i386.rpm
edd6fddc5e2e721866fa5bd28e056996 i386/debug/zip-debuginfo-2.3-26.3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
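To confirm that hosts actually carry the fix, the following added example (not part of the Fedora advisory) audits collected `rpm -q` output against 2.3-26.2, the first release the changelog marks as fixed. The host names, the "host package" inventory format and the simplified segment-wise version comparison are assumptions made for illustration.

```python
import re

# Changelog above: "Fix buffer overflow. #138230" landed in 2.3-26.2;
# 2.3-26.3 is the FC-3 rebuild that this advisory ships.
FIXED = "2.3-26.2"

# Constructed inventory: "<host> <output of rpm -q zip>" (hosts are hypothetical).
SAMPLE = [
    "build01 zip-2.3-26.3",
    "web02 zip-2.3-26.2",
    "db01 zip-2.3-26",
    "mail01 zip-2.3-9",
    "ci03 zip-2.3-26.10",
    "lab07 package zip is not installed",
    "old09 unreadable-output",
]

def _segments(s):
    """Split a version or release string into numeric and alphabetic runs."""
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]

def _cmp_part(a, b):
    """Compare two strings segment by segment (simplified RPM-style ordering)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if type(x) is not type(y):
            return 1 if isinstance(x, int) else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare 'version-release' strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def audit(lines, fixed=FIXED):
    """Return hosts whose zip package predates the fix or cannot be parsed."""
    flagged = []
    for line in lines:
        host, _, pkg = line.strip().partition(" ")
        if pkg == "package zip is not installed":
            continue  # nothing to update on this host
        m = re.fullmatch(r"zip-(\d[\w.]*-[\w.]+)", pkg)
        if m is None or compare_vr(m.group(1), fixed) < 0:
            flagged.append(host)  # unparsed output is flagged for manual review
    return flagged

if __name__ == "__main__":
    print("hosts needing the zip update:", audit(SAMPLE))
```

Releases are compared numerically per segment, so 26.10 sorts after 26.2 rather than before it as a plain string comparison would.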

Fedora Update Notification
FEDORA-2004-400
2004-11-08

Product : Fedora Core 3
Name : zip
Version : 2.3
Release : 26.3
Summary : A file compression and packaging utility compatible with PKZIP.
Description : The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP (a compression and file packaging utility for MS-DOS systems).

Install the zip package if you need to compress files using the zip program.

Severity
critical