
Yellow Dog alert YDU-20030710-1 (unzip)

From:  Terra Soft Security Team <>
Subject:  Yellow Dog Linux Security Advisory: YDU-20030710-1
Date:  Fri, 11 Jul 2003 14:36:29 -0600

Yellow Dog Linux Security Announcement
--------------------------------------

Package:      unzip
Issue Date:   Jul 10, 2003
Priority:     medium
Advisory ID:  YDU-20030710-1

1. Topic:

   Updated unzip packages are available.

2. Problem:

   "The unzip utility is used for manipulating archives, which are
   multiple files stored inside of a single file.

   A vulnerability in unzip version 5.50 and earlier allows attackers to
   overwrite arbitrary files during archive extraction by placing invalid
   (non-printable) characters between two "." characters. These
   non-printable characters are filtered, resulting in a ".." sequence.

   The Common Vulnerabilities and Exposures project ( has assigned the
   name CAN-2003-0282 to this issue.

   This erratum includes a patch ensuring that non-printable characters do
   not make it possible for a malicious .zip file to write to parent
   directories unless the "-:" command line parameter is specified.

   Users of unzip are advised to upgrade to these updated packages, which
   are not vulnerable to this issue."

   From Red Hat Advisory

3. Solution:

   a) Updating via yum...

      We suggest that you use the yum program to keep your system
      up-to-date. The following command(s) will retrieve and install the
      fixed version of this update onto your system:

         yum update unzip

   b) Updating manually...

      Download the updates below and then run the following rpm command.
      (Please use a mirror site)

         rpm -Fvh [filenames]

      ppc/unzip-5.50-14.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   b3e4dc58bd1d14b8ffbf74c5e2a74302  SRPMS/unzip-5.50-14.src.rpm
   1ea9bec0cb3899236605de4fa7ae5ab4  ppc/unzip-5.50-14.ppc.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      md5sum <filename>

5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted. See for
   more information.

   For information regarding the usage of yum, see:

_______________________________________________
yellowdog-updates mailing list
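The ordering problem in section 2 (a ".." that only exists after non-printable characters are filtered out) can be checked for without extracting anything. The following is an added example, not part of the advisory and not the code of the unzip patch; the function names are hypothetical, and "non-printable" is assumed to mean anything outside ASCII 0x20-0x7E.

```python
import zipfile

def strip_nonprintable(name):
    # Assumption: "non-printable" is modelled as anything outside ASCII 0x20-0x7E.
    return "".join(c for c in name if 0x20 <= ord(c) <= 0x7E)

def escapes_parent(name):
    # True if any path component is exactly "..".
    return ".." in name.replace("\\", "/").split("/")

def classify(name):
    """Return 'plain', 'hidden' or 'ok' for one archive entry name."""
    if escapes_parent(name):
        return "plain"   # the raw name already contains a ".." component
    if escapes_parent(strip_nonprintable(name)):
        return "hidden"  # ".." appears only after filtering (the advisory's case)
    return "ok"

def audit_names(names):
    """Map every entry name that is not 'ok' to its verdict."""
    findings = {}
    for n in names:
        verdict = classify(n)
        if verdict != "ok":
            findings[n] = verdict
    return findings

def audit_zip(source):
    """Audit a .zip (path or file object) by reading entry names only."""
    with zipfile.ZipFile(source) as zf:
        return audit_names(zf.namelist())

# Constructed sample names, not taken from any real archive.
SAMPLE_NAMES = [
    "docs/readme.txt",
    "../outside.txt",
    ".\x07./outside.txt",
    "a/.\x01.\x02/b.txt",
    "notes..txt",          # two dots inside a file name, not a ".." component
]

if __name__ == "__main__":
    for name, verdict in audit_names(SAMPLE_NAMES).items():
        print(f"{verdict:6} {name!r}")
```

A validator that only tests the raw name reports the "hidden" entries as clean, which is why the check has to run on the name as it will be written to disk.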
