Stay Secure with the Latest Linux Advisories

security advisoryfedorabuffer overflow

Fedora Core 2 FEDORA-2004-399 Moderate: Zip Buffer Overflow Threat

A buffer overflow has been found in zip which will lead to a buffer overflow when a user try to create a zip archive which contains very long filenames.. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-399 2004-11-08 --------------------------------------------------------------------- Product : Fedora Core 2 Name : zip Version : 2.3 Release : 26.2 Summary : A file compression and packaging utility compatible with PKZIP. Description : The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP (a compression and file packaging utility for MS-DOS systems). Install the zip package if you need to compress files using the zip program. --------------------------------------------------------------------- Update Information: A buffer overflow has been found in zip which will lead to a buffer overflow when a user try to create a zip archive which contains very long filenames. See: --------------------------------------------------------------------- * Mon Nov 08 2004 Lon Hohberger 2.3-26.2 - Fix buffer overflow. #138230 * Mon Jun 21 2004 Lon Hohberger 2.3-24 - Extend max file/archive size to 2^32-8193 (4294959103) bytes - Include better debugging output for configure script * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: c8e36306afa17246d2caeabc498cbc62 SRPMS/zip-2.3-26.2.src.rpm cd999c652e0d51a7fb349b2867a83662 x86_64/zip-2.3-26.2.x86_64.rpm 7f76d52b21459d5945075e0e6780ff2a x86_64/debug/zip-debuginfo-2.3-26.2.x86_64.rpm c50729dab4fb95168a9897397b08e55a i386/zip-2.3-26.2.i386.rpm 0a9e2a3140181810fcde221d74f6e121 i386/debug/zip-debuginfo-2.3-26.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date'command. --------------------------------------------------------------------- -- fedora-announce-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. fedora-announce-list Info Page . Fedora's urgent update tackles buffer overflow vulnerabilities in the zip utility, addressing critical security flaws. Users must upgrade to safeguard data and ensure system integrity.. Buffer Overflow, Zip Utility, Fedora Core 2. . LinuxSecurity.com Team

Nov 08, 2004 Fedora