SCIENTIFIC-LINUX-ERRATA Archives

March 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Wed, 25 Mar 2015 15:16:00 +0000
Content-Type: text/plain

Synopsis:          Moderate: unzip security update
Advisory ID:       SLSA-2015:0700-1
Issue Date:        2015-03-18
CVE Numbers:       CVE-2014-8139
                   CVE-2014-8140
                   CVE-2014-8141
                   CVE-2014-9636
--

A buffer overflow was found in the way unzip uncompressed certain extra
fields of a file. A specially crafted Zip archive could cause unzip to
crash or, possibly, execute arbitrary code when the archive was tested
with unzip's '-t' option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32
checksum of certain extra fields of a file. A specially crafted Zip
archive could cause unzip to crash when the archive was tested with
unzip's '-t' option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in the
way unzip uncompressed certain extra fields of a file. A specially crafted
Zip archive could cause unzip to crash when the archive was tested with
unzip's '-t' option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A
specially crafted Zip archive could possibly cause unzip to crash when the
archive was uncompressed. (CVE-2014-8141)
--

SL6
  x86_64
    unzip-6.0-2.el6_6.x86_64.rpm
    unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
  i386
    unzip-6.0-2.el6_6.i686.rpm
    unzip-debuginfo-6.0-2.el6_6.i686.rpm
SL7
  x86_64
    unzip-6.0-15.el7.x86_64.rpm
    unzip-debuginfo-6.0-15.el7.x86_64.rpm
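A practical follow-up to this errata is checking whether an installed unzip build is at or above the fixed version-release listed above. The script below is an added example, not part of the Scientific Linux advisory: it re-implements the core of rpm's version comparison (numeric and alphabetic segments; tilde and caret are not handled) and compares an installed NVR, as `rpm -q unzip` would print it, against the fixed builds for SL6 and SL7 taken from the package list. The installed NVR strings at the bottom are constructed sample input.

```python
import re

# Fixed unzip version-release per release train, taken from the advisory's package list
FIXED = {"el6": "6.0-2.el6_6", "el7": "6.0-15.el7"}

def rpmvercmp(a, b):
    """Compare two RPM version (or release) strings the way rpm does.
    Returns -1 if a < b, 0 if equal, 1 if a > b. Tilde/caret are not handled."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            # Numeric segments: strip leading zeros; the longer string is larger,
            # otherwise equal-length digit strings compare lexically (== numerically)
            x, y = x.lstrip("0") or "0", y.lstrip("0") or "0"
            if len(x) != len(y):
                return -1 if len(x) < len(y) else 1
        elif x.isdigit() != y.isdigit():
            # A numeric segment is considered newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with more segments is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """'unzip-6.0-2.el6_6' -> ('unzip', '6.0', '2.el6_6')"""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def needs_update(installed_nvr):
    """True if the installed unzip NVR is older than the fixed build for its
    release train (el6/el7). Epoch is ignored; unzip ships without one."""
    name, version, release = split_nvr(installed_nvr)
    if name != "unzip":
        raise ValueError("not an unzip package: %s" % installed_nvr)
    m = re.search(r"\.(el[67])", release)
    if not m:
        raise ValueError("unknown release train: %s" % release)
    fixed_ver, fixed_rel = FIXED[m.group(1)].split("-")
    # Version decides first; only on a tie does the release string matter
    c = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return c < 0

if __name__ == "__main__":
    # Constructed sample, standing in for the output of `rpm -q unzip`
    for nvr in ["unzip-6.0-1.el6", "unzip-6.0-2.el6_6", "unzip-6.0-13.el7"]:
        print(nvr, "needs update" if needs_update(nvr) else "fixed")
```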

- Scientific Linux Development Team
