Slackware Security Advisory - New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
8f809ffda4bef4c8b546a9321848782d
Gentoo Linux Security Advisory 201611-1 - Multiple vulnerabilities have been found in UnZip allowing remote attackers to execute arbitrary code and cause Denial of Service. Versions less than 6.0_p20 are affected.
a582e983ee01584452d768eeb54e3930
Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.
32e0fef51b76ce3c73ed6338172843e8
Mandriva Linux Security Advisory 2015-123 - Updated unzip package fixes multiple security vulnerabilities.
0a51d6b85e2c61fc7dd06d5bccafb45b
Red Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.
cf9f2af4a3853ef8397ab56550e16af3
Ubuntu Security Notice 2472-1 - Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
da5c0e6b8241b299b823f5c162e89d1a
Mandriva Linux Security Advisory 2015-016 - The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues.
706c3ed21bc217e6ab70ff5c1daee028
Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.
f7566e7e2f5fa878a32d60492911d388
UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.
66cf95c1412baffc97b43c0603b6fd01