Debian Security Advisory 3152-1

Debian Security Advisory 3152-1: Posted Feb 3, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3152-1 - A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact.; tags | advisory, overflow; systems | linux, debian; advisories | CVE-2014-9636; SHA-256 | d75c233bc48401a828d5d7526c6215a57788b28545653b4fca0bfe314d197148; Download | Favorite | View

Debian Security Advisory 3152-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3152-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
February 03, 2015                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : unzip
CVE ID         : CVE-2014-9636
Debian Bug     : 776589

A flaw was found in the test_compr_eb() function allowing out-of-bounds
read and write access to memory locations. By carefully crafting a
corrupt ZIP archive an attacker can trigger a heap overflow, resulting
in application crash or possibly having other unspecified impact.

For the stable distribution (wheezy), this problem has been fixed in
version 6.0-8+deb7u2. Additionally this update corrects a defective
patch applied to address CVE-2014-8139, which caused a regression with
executable jar files.

For the unstable distribution (sid), this problem has been fixed in
version 6.0-15. The defective patch applied to address CVE-2014-8139 was
corrected in version 6.0-16.

We recommend that you upgrade your unzip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJU0OMCAAoJEAVMuPMTQ89Eal0P/2E2h2at+DLB3Xn4+p6Hh2uD
O4Lrhw8iN77KY2Jo/EmsVd22MiL8fqQgKTj0FA7ruydABYlkdB9R6aoRQJZf4ifm
W2ojedQzC2UHKzhlW0OuzQn9GjoeuCQ9Mj3K3xu0DDfrEkIrxWKwqWgWNOTxDnPW
r5RoyA6rKX70rd9aLWd7jI77S/e6lq0jHM2Fc8tG5kQ58pkzViV5bKU1yhPazQBr
mN3leJUrM+K55+IcxbuXYIP/F4cr3WrQntmj0oaLSJWKpmWsJ6z40ViMitREKMA4
OZoAAsctkBLfeEyHPHwBz3KfsmhMMWXf8o4nikHzzkC/9jYZ5+5R+PVC/IJb6lnG
SYOD07fjFMrwO39SSbf6oGW7ivuS62zPTqvEGUnloYe04ezKa7JzXMtNBfsWr7Ax
gcnF63u8vEC6/TvliStIL7vSXHm5XX/4HllUoZcvpnXkQMBZG/Ol5Pju/lo5PGIi
6UTBAjlqYJMq2RSrVcmdS3Bksh3rznVwDkLB6b6t8B8dT065mjxFsYFTQY049xBU
rFK8rbWtjHttmO/LJxbQYj0GtKl5IccmNcrw02S2wSFtmz+e/L5Fevhwd7NHWTRg
OfgEZdKGtTEhkJ5sI3j7fk5XyFVG9hgz0LPts+OWIvIcavj64T403R4bb8XFh/OH
1nMrjOl6pdw+qr12h8vK
=0h2b
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3152-1

Debian Security Advisory 3152-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3152-1

Share This

Debian Security Advisory 3152-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems