Slackware Security Advisory - New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
8f809ffda4bef4c8b546a9321848782dGentoo Linux Security Advisory 201611-1 - Multiple vulnerabilities have been found in UnZip allowing remote attackers to execute arbitrary code and cause Denial of Service. Versions less than 6.0_p20 are affected.
a582e983ee01584452d768eeb54e3930Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.
32e0fef51b76ce3c73ed6338172843e8Mandriva Linux Security Advisory 2015-123 - Updated unzip package fix multiple security vulnerabilities.
0a51d6b85e2c61fc7dd06d5bccafb45bRed Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.
cf9f2af4a3853ef8397ab56550e16af3Ubuntu Security Notice 2472-1 - Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
da5c0e6b8241b299b823f5c162e89d1aMandriva Linux Security Advisory 2015-016 - The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification. the test_compr_eb() and the getZip64Data(). functions. The input errors may result in in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues.
706c3ed21bc217e6ab70ff5c1daee028Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.
f7566e7e2f5fa878a32d60492911d388UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.
66cf95c1412baffc97b43c0603b6fd01
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed