
unzip: code execution

Package(s): unzip
CVE #(s): CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Created: December 29, 2014
Updated: March 29, 2015
Description: From the Debian advisory:

Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.

Alerts:
Gentoo 201611-01 unzip 2016-11-01
CentOS CESA-2015:0700 unzip 2015-04-01
Mandriva MDVSA-2015:123 unzip 2015-03-29
Scientific Linux SLSA-2015:0700-1 unzip 2015-03-25
Oracle ELSA-2015-0700 unzip 2015-03-18
CentOS CESA-2015:0700 unzip 2015-03-18
Red Hat RHSA-2015:0700-01 unzip 2015-03-18
Fedora FEDORA-2015-1993 unzip 2015-02-23
Fedora FEDORA-2015-2035 unzip 2015-02-16
openSUSE openSUSE-SU-2015:0240-1 unzip 2015-02-09
Debian-LTS DLA-150-1 unzip 2015-02-07
Ubuntu USN-2472-1 unzip 2015-01-14
Mandriva MDVSA-2015:016 unzip 2015-01-08
Debian-LTS DLA-124-1 unzip 2014-12-28
Debian DSA-3113-1 unzip 2014-12-28
Mageia MGASA-2014-0562 unzip 2014-12-31
