Synopsis: Moderate: unzip security update
Advisory ID: SLSA-2015:0700-1
Issue Date: 2015-03-18
CVE Numbers: CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
CVE-2014-9636
—
A buffer overflow was found in the way unzip uncompressed certain extra
fields of a file. A specially crafted Zip archive could cause unzip to
crash or, possibly, execute arbitrary code when the archive was tested
with unzip’s ‘-t’ option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32
checksum of certain extra fields of a file. A specially crafted Zip
archive could cause unzip to crash when the archive was tested with
unzip’s ‘-t’ option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in the
way unzip uncompressed certain extra fields of a file. A specially crafted
Zip archive could cause unzip to crash when the archive was tested with
unzip’s ‘-t’ option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A
specially crafted Zip archive could possibly cause unzip to crash when the
archive was uncompressed. (CVE-2014-8141)
—
SL6
  x86_64
    unzip-6.0-2.el6_6.x86_64.rpm
    unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
  i386
    unzip-6.0-2.el6_6.i686.rpm
    unzip-debuginfo-6.0-2.el6_6.i686.rpm
SL7
  x86_64
    unzip-6.0-15.el7.x86_64.rpm
    unzip-debuginfo-6.0-15.el7.x86_64.rpm
– Scientific Linux Development Team
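
To check whether a host already has one of the fixed builds listed above, the following added example (not part of the original advisory) compares an unzip version-release string against the SL6 and SL7 values from the package list. The function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's version comparison.

```shell
#!/usr/bin/env bash
# Added example: classify an unzip build against the fixed builds in
# SLSA-2015:0700-1. Only the two version-release values below come from the
# advisory; function names and the comparison method are assumptions.

# Fixed version-release for each Scientific Linux major release.
fixed_build() {
    case "$1" in
        6) echo "6.0-2.el6_6" ;;
        7) echo "6.0-15.el7" ;;
        *) return 1 ;;   # release not covered by this advisory
    esac
}

# Extract the EL major release from a version-release string
# (for example 6.0-2.el6_6 gives 6). Prints nothing if there is no .elN tag.
el_major() {
    printf '%s\n' "$1" | sed -n 's/.*\.el\([0-9][0-9]*\).*/\1/p'
}

# Return 0 if $1 >= $2. GNU sort -V stands in for RPM's comparison; it is
# adequate for the simple version-release strings used here.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print "fixed", "needs-update" or "unknown" for a version-release string.
classify_unzip() {
    vr="$1"
    major=$(el_major "$vr")
    fixed=$(fixed_build "$major") || { echo "unknown"; return 0; }
    if vr_ge "$vr" "$fixed"; then echo "fixed"; else echo "needs-update"; fi
}

# On a live host, query the RPM database; skipped when rpm or unzip is absent.
if command -v rpm >/dev/null 2>&1 && rpm -q unzip >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' unzip | head -n 1)
    echo "unzip $installed: $(classify_unzip "$installed")"
fi
```

A result of "unknown" means the string carries no SL6 or SL7 release tag, so this advisory's package list does not apply to it.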