Ubuntu Security Notice 2788-2 - USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.
725ce02cc3cadd7b0ec3656cd6df2613956412303bd0cfad6f7b6a85a3adf0b0
Debian Linux Security Advisory 3386-1 - Two vulnerabilities have been found in unzip, a de-archiver for .zip files.
1d96ea53d623622b341bae44daabd23b7f09e532459e9ae9579ed4c1e0792d88
Ubuntu Security Notice 2788-1 - Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.
de45b1383c5e5a7528aa33c19008c2e1509e1607e528e06b77d3ad12186a6ab1