Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

SciLinux SLSA-2015:0700-1 Moderate: Unzip Buffer Overflow Fix

Scientific Large Esm H446
Moderate: unzip security update
Date: Wed, 25 Mar 2015 15:16:00 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: unzip on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: unzip security update
Advisory ID: SLSA-2015:0700-1
Issue Date: 2015-03-18
CVE Numbers: CVE-2014-8139
 CVE-2014-8140
 CVE-2014-8141
 CVE-2014-9636
--

A buffer overflow was found in the way unzip uncompressed certain extra
fields of a file. A specially crafted Zip archive could cause unzip to
crash or, possibly, execute arbitrary code when the archive was tested
with unzip's '-t' option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32
checksum of certain extra fields of a file. A specially crafted Zip
archive could cause unzip to crash when the archive was tested with
unzip's '-t' option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in the
way unzip uncompressed certain extra fields of a file. A specially crafted
Zip archive could cause unzip to crash when the archive was tested with
unzip's '-t' option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A
specially crafted Zip archive could possibly cause unzip to crash when the
archive was uncompressed. (CVE-2014-8141)
--

SL6
 x86_64
 unzip-6.0-2.el6_6.x86_64.rpm
 unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
 i386
 unzip-6.0-2.el6_6.i686.rpm
 unzip-debuginfo-6.0-2.el6_6.i686.rpm
SL7
 x86_64
 unzip-6.0-15.el7.x86_64.rpm
 unzip-debuginfo-6.0-15.el7.x86_64.rpm

- Scientific Linux Development Team