Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Ubuntu 14.10 USN-2489-1 Critical: Unzip Code Execution Threat

Calendar Feb 03, 2015 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical issue code execution Ubuntu unzip issue 
=========================================================================Ubuntu Security Notice USN-2489-1
February 03, 2015

unzip vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Details:

Michal Zalewski discovered that unzip incorrectly handled certain
malformed zip archives. If a user or automated system were tricked into
processing a specially crafted zip archive, an attacker could possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  unzip                           6.0-12ubuntu1.2

Ubuntu 14.04 LTS:
  unzip                           6.0-9ubuntu1.2

Ubuntu 12.04 LTS:
  unzip                           6.0-4ubuntu2.2

Ubuntu 10.04 LTS:
  unzip                           6.0-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2489-1
  CVE-2014-9636

Package Information:
  https://launchpad.net/ubuntu/+source/unzip/6.0-12ubuntu1.2
  https://launchpad.net/ubuntu/+source/unzip/6.0-9ubuntu1.2
  https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.2
  https://launchpad.net/ubuntu/+source/unzip/6.0-1ubuntu0.2

Ubuntu 14.10 USN-2489-1 Critical: Unzip Code Execution Threat

ubuntu
Calendar Grey February 3, 2015
Dist Ubuntu Esm H88
Debian Security Notice DSN-4891-2 notifies users of a tar vulnerability permitting unauthorized access; users should update systems promptly.

Summary

Topics%20covered

Topics Covered

security advisory critical issue code execution Ubuntu unzip issue

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: unzip 6.0-12ubuntu1.2 Ubuntu 14.04 LTS: unzip 6.0-9ubuntu1.2 Ubuntu 12.04 LTS: unzip 6.0-4ubuntu2.2 Ubuntu 10.04 LTS: unzip 6.0-1ubuntu0.2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2489-1

CVE-2014-9636

Severity
critical
Lowest
Low
Medium
High
Critical

February 03, 2015

Topics%20covered

Topics Covered

security advisory critical issue code execution Ubuntu unzip issue

Package Information

https://launchpad.net/ubuntu/+source/unzip/6.0-12ubuntu1.2 https://launchpad.net/ubuntu/+source/unzip/6.0-9ubuntu1.2 https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.2 https://launchpad.net/ubuntu/+source/unzip/6.0-1ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here