Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 25 Mar 2015 15:16:00 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: unzip on SL6.x, SL7.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: unzip security update Advisory ID: SLSA-2015:0700-1 Issue Date: 2015-03-18 CVE Numbers: CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 -- A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636) A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139) An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140) A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141) -- SL6 x86_64 unzip-6.0-2.el6_6.x86_64.rpm unzip-debuginfo-6.0-2.el6_6.x86_64.rpm i386 unzip-6.0-2.el6_6.i686.rpm unzip-debuginfo-6.0-2.el6_6.i686.rpm SL7 x86_64 unzip-6.0-15.el7.x86_64.rpm unzip-debuginfo-6.0-15.el7.x86_64.rpm - Scientific Linux Development Team