Debian Security Advisory

DLA-330-1 unzip -- LTS security update

Date Reported:
22 Oct 2015
Affected Packages:
unzip
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 802160, Bug 802162.
In Mitre's CVE dictionary: CVE-2015-7696, CVE-2015-7697.
More information:

Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a heap overflow and to a denial of service with specially crafted password-protected ZIP archives.

For Debian 6 squeeze, these issues have been fixed in unzip 6.0-4+deb6u3.