Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 18.04 LTS: USN-4672-1 Critical: Unzip Denial of Service

ubuntu
Calendar Grey December 16, 2020
Dist Ubuntu Esm H88
To fix unzip vulnerabilities in Ubuntu 12.04-18.04, update packages, install the latest unzip version, and ensure strong configurations and security measures are in place
Several security issues were fixed in unzip.

Summary

Several security issues were fixed in unzip.

Software Description:

- unzip: De-archiver for .zip files

Details:

Rene Freingruber discovered that unzip incorrectly handled certain

specially crafted password protected ZIP archives. If a user or automated

system using unzip were tricked into opening a specially crafted zip file,

an attacker could exploit this to cause a crash, resulting in a denial of

service. (CVE-2018-1000035)

Antonio Carista discovered that unzip incorrectly handled certain

specially crafted ZIP archives. If a user or automated system using unzip

were tricked into opening a specially crafted zip file, an attacker could

exploit this to cause a crash, resulting in a denial of service. This

issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

(CVE-2018-18384)

It was discovered that unzip incorrectly handled certain specially crafted

ZIP archives. If a user or automated system using unzip were tricked into

opening a specially crafted z...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  unzip                           6.0-21ubuntu1.1

Ubuntu 16.04 LTS:
  unzip                           6.0-20ubuntu1.1

Ubuntu 14.04 ESM:
  unzip                           6.0-9ubuntu1.6

Ubuntu 12.04 ESM:
  unzip                           6.0-4ubuntu2.6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4672-1

CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384,

CVE-2019-13232

Severity
critical
Lowest
Low
Medium
High
Critical

December 16, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.