[SECURITY] [DLA 2082-1] unzip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2082-1] unzip security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 28 Jan 2020 22:18:22 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.2001282217270.3097@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : unzip
Version        : 6.0-16+deb8u6
CVE ID         : CVE-2018-1000035


An issue has been found in unzip, a de-archiver for .zip files.

While processing a password protected archive, a heap-based bufferoverflow could happen, that allows an attacker to perform a denial ofservice or to possibly achieve code execution.

For Debian 8 "Jessie", this problem has been fixed in version6.0-16+deb8u6.


We recommend that you upgrade your unzip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4wpR5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfl9g/8De2l/fYqN6xtGgriVt+kD0GV0ld/aPE9Rva9QOQArW7bAuBh/KECWN0F
b2pYEAYfJgFHW0o5VvzqIpci9+eafJLoZ77v3w2r5jIFs6QZlfQ2X1Do1odcJFh5
shDNlpnpEjsISihEP3D1RNFlv69jxzHVVjm0Du7adbfZIDTpUO4MgmyUPLRxxnOm
tffPYsvRZhr/1btAceZjt3o8KQU3fJZo0FywelUTuRr9do/jkFd7HUK+FfWH5aUa
TPed/SrcT3AjqqKcwe5DCLfAo62vocnEu/MX31Ve7x/L7Lr3fQHFF97/t7C7OAnn
5v51D7KNGORI5TGwggNJK1xiBwdH0Bxxnp2wci9vMfhnjbLp5gY2p8DDP15Hfbct
bMjcqOa2YrpjETEz9qHpnVIbeAS3XbcidLqEhIUrbIlciFDD8JEx9xpjLWOE1+Z1
nxt9Kp5QDluC9xaVjq2oaz2YCmuZEFZvxlBlk1kdeyY8g51JPkfHZv3sOZDikosb
F4HlX18I/Pz07q2G8niPBnr1wgzQFg60zPTCZU6Y6b5j43jx1ViHI6EBlprer3Jz
ajSUUOnnnhGymo3KssK9KOFyrRgETVmgkZCQn0GJDHpTaX2ElCRLIq1O5GlFmHy/
3g0g/OkYLI9haZ/fWfmOV+D++F5RZEyZec0o3fisS9u+uQHdWNI=
=JCOx
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2081-1] openjpeg2 security update
Next by Date: [SECURITY] [DLA 2079-1] otrs2 security update
Previous by thread: [SECURITY] [DLA 2081-1] openjpeg2 security update
Next by thread: [SECURITY] [DLA 2079-1] otrs2 security update
Index(es):
- Date
- Thread