Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

Gentoo: GLSA-200804-06 Normal: UnZip Code Execution Threat

gentoo
Calendar Grey April 6, 2008
Dist Gentoo Esm H88
Gentoo users should take note of a vital security advisory regarding a vulnerability in UnZip that may allow unauthorized code execution. Update your packages now to address this issue
A double free vulnerability discovered in UnZip might lead to the execution of arbitrary code.

Summary

Gentoo Linux Security Advisory GLSA 200804-06 https://security.gentoo.org/ Severity: Normal Title: UnZip: User-assisted execution of arbitrary code Date: April 06, 2008 Bugs: #213761 ID: 200804-06

Synopsis ======= A double free vulnerability discovered in UnZip might lead to the execution of arbitrary code.
Background ========= Info-ZIP's UnZip is a tool to list and extract files inside PKZIP compressed files.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-arch/unzip < 5.52-r2 >= 5.52-r2
========== Tavis Ormandy of the Google Security Team discovered that the NEEDBITS macro in the inflate_dynamic() function in the file inflate.c can be invoked using ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo code execution unzip arbitrary code double free normal severity

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo code execution unzip arbitrary code double free normal severity

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here