
[SECURITY] [DLA 124-1] unzip security update



Package        : unzip
Version        : 6.0-4+deb6u1
CVE ID         : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Debian Bug     : 773722

Michele Spagnuolo of the Google Security Team discovered that unzip, an
extraction utility for archives compressed in .zip format, is affected
by heap-based buffer overflows within the CRC32 verification function
(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the
getZip64Data() function (CVE-2014-8141), which may lead to the execution
of arbitrary code.