unzip 보안 업데이트
업데이트 : 2015.03.23
이름 : unzip-1:6.0-2.an2
벤더 : AnNyung Packaging Team
설명 :
The unzip utility is used to list, test, or extract files from a zip
archive. Zip archives are commonly found on MS-DOS systems. The zip
utility, included in the zip package, creates zip archives. Zip and
unzip are both compatible with archives created by PKWARE(R)'s PKZIP
for MS-DOS, but the programs' options and default behaviors do differ
in some respects.
Install the unzip package if you need to list, test or extract files from
a zip archive.
변경사항
- security issues
Resolves: #1196132 #1196120 #1196124 #1196128
. CVE-2014-9636
A buffer overflow was found in the way unzip uncompressed certain extra fields of a file.
A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary
code when the archive was tested with unzip's '-t' option.
. CVE-2014-8139
A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain
extra fields of a file. A specially crafted Zip archive could cause unzip to crash when
the archive was tested with unzip's '-t' option.
. CVE-2014-8140
An integer underflow flaw, leading to a buffer overflow, was found in the way unzip
uncompressed certain extra fields of a file. A specially crafted Zip archive could cause
unzip to crash when the archive was tested with unzip's '-t' option.
. CVE-2014-8141
A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted
Zip archive could possibly cause unzip to crash when the archive was uncompressed.
업데이트 패키지
SRPMS:
. unzip-6.0-2.an2.src.rpm
x86_64:
. unzip-6.0-2.an2.x86_64.rpm
i686:
. unzip-6.0-2.an2.i686.rpm
|