
[SECURITY] [DLA 150-1] unzip security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : unzip
Version        : 6.0-4+deb6u2
CVE ID         : CVE-2014-8139 CVE-2014-9636
Debian Bug     : 775640 776589

A flaw was found in the test_compr_eb() function allowing out-of-bounds
read and write access to memory locations. By carefully crafting a
corrupt ZIP archive an attacker can trigger a heap overflow, resulting
in application crash or possibly having other unspecified impact.

Additionally this update corrects a defective patch applied to address
CVE-2014-8139, which caused a regression with executable jar files.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----