Debian Security Advisory 3113-1

Debian Security Advisory 3113-1: Posted Dec 29, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.; tags | advisory, overflow, arbitrary; systems | linux, debian; advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141; SHA-256 | c07d19cf6b887fa58bdf1aabe929c435954c16a8c33b34fa65ffa5b22c076cda; Download | Favorite | View

Debian Security Advisory 3113-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3113-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 28, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unzip
CVE ID         : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Debian Bug     : 773722

Michele Spagnuolo of the Google Security Team discovered that unzip, an
extraction utility for archives compressed in .zip format, is affected
by heap-based buffer overflows within the CRC32 verification function
(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the
getZip64Data() function (CVE-2014-8141), which may lead to the execution
of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in
version 6.0-8+deb7u1.

For the upcoming stable distribution (jessie), these problems will be
fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 6.0-13.

We recommend that you upgrade your unzip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUn7mQAAoJEAVMuPMTQ89EeowQAKE25ywJuv85W18UDxCVJ4M5
jECsUBPPrv5gf2leoJDr4UYhIdBQ5StZA6Cro8qsehcCayZuUayE2tfZjhtR9I9X
pif1tPalH5Cdtzph4XZxmah99MFW8J5z2zuhAa6UcVYDXuup8+o0yz9kJuVJ0e5H
pfT4+FwVdNXiGq+5NgXru4egXCSXs62FRTIp5ezx1uz0PBl2FFnu2ZBND5IgNWf/
cQubdcx02uYkl0fYBQAkClbRK4JZZE/TipdjYkNBpnaHj4EkFKesuSfLcSTmtIK4
R2r34Kzavn9QStJny+Uvzdqqw8e/q5WSmjR2MtDd4l4f3VxMFaoYaRQgon+K4T4L
rs6C7+VeI5gsYrnTyQRPix+v+esGNMke3l1WzHV5fbSXeUic+vooJZoMBmR2ep4j
Vp8kGkoVG8FQ4GgVGDCyV4XiYl9VaGxk1H8/rCSfn1Ag9ImqiiBNuGnBzx+6kGDk
cdb8ZFZpcF5/ueAC7IZ7Cotzncy2c5d7nDTActjSnmK53gnPgRiQwtyu8doM1heF
pWlXLXKxnspIyNugEI2xRYY2I7GN04AhElN+c9DDNBoBiKUVjjBgR8lT9OnDCgBN
UPx9mxeehoibtE67bONhQoxgbyBT3ukRCNFybkNT3K6bGLclFBUNKMpOjJzIvEJs
XU5IchBNf8BhT7Ekd2Lo
=D8OH
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 88 files
Gentoo 23 files
Debian 20 files
tmrswrr 8 files
Amit Roy 4 files
bRpsd 3 files
Aslam Anwar Mahimkar 3 files
Jann Horn 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,523)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,242)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,636)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

Debian Security Advisory 3113-1

Debian Security Advisory 3113-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3113-1

Share This

Debian Security Advisory 3113-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems