[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Y58rA-00078g-4x@master.debian.org>
Date: Sun, 28 Dec 2014 08:05:44 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3113-1] unzip security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3113-1 security@...ian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 28, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : unzip
CVE ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Debian Bug : 773722
Michele Spagnuolo of the Google Security Team discovered that unzip, an
extraction utility for archives compressed in .zip format, is affected
by heap-based buffer overflows within the CRC32 verification function
(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the
getZip64Data() function (CVE-2014-8141), which may lead to the execution
of arbitrary code.
For the stable distribution (wheezy), these problems have been fixed in
version 6.0-8+deb7u1.
For the upcoming stable distribution (jessie), these problems will be
fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 6.0-13.
We recommend that you upgrade your unzip packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUn7mQAAoJEAVMuPMTQ89EeowQAKE25ywJuv85W18UDxCVJ4M5
jECsUBPPrv5gf2leoJDr4UYhIdBQ5StZA6Cro8qsehcCayZuUayE2tfZjhtR9I9X
pif1tPalH5Cdtzph4XZxmah99MFW8J5z2zuhAa6UcVYDXuup8+o0yz9kJuVJ0e5H
pfT4+FwVdNXiGq+5NgXru4egXCSXs62FRTIp5ezx1uz0PBl2FFnu2ZBND5IgNWf/
cQubdcx02uYkl0fYBQAkClbRK4JZZE/TipdjYkNBpnaHj4EkFKesuSfLcSTmtIK4
R2r34Kzavn9QStJny+Uvzdqqw8e/q5WSmjR2MtDd4l4f3VxMFaoYaRQgon+K4T4L
rs6C7+VeI5gsYrnTyQRPix+v+esGNMke3l1WzHV5fbSXeUic+vooJZoMBmR2ep4j
Vp8kGkoVG8FQ4GgVGDCyV4XiYl9VaGxk1H8/rCSfn1Ag9ImqiiBNuGnBzx+6kGDk
cdb8ZFZpcF5/ueAC7IZ7Cotzncy2c5d7nDTActjSnmK53gnPgRiQwtyu8doM1heF
pWlXLXKxnspIyNugEI2xRYY2I7GN04AhElN+c9DDNBoBiKUVjjBgR8lT9OnDCgBN
UPx9mxeehoibtE67bONhQoxgbyBT3ukRCNFybkNT3K6bGLclFBUNKMpOjJzIvEJs
XU5IchBNf8BhT7Ekd2Lo
=D8OH
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists