Arch Linux Security Advisory ASA-201501-3
=========================================

Severity: High
Date    : 2015-01-10
CVE-ID  : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Package : unzip
Type    : arbitrary code execution
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package unzip before version 6.0-9 is vulnerable to arbitrary code
execution and denial of service through multiple heap buffer overflows.

Resolution
==========

Upgrade to 6.0-9.

# pacman -Syu "unzip>=6.0-9"

The problems have not been fixed upstream, but patches have been applied
to the package.

Workaround
==========

None.

Description
===========

- CVE-2014-8139 (heap buffer overflow)

A heap-based buffer overflow exists in the CRC32 verification that allows
attackers to potentially execute arbitrary code or cause a denial of
service (memory corruption).

- CVE-2014-8140 (out-of-bounds read/write)

Out-of-bounds access (both read and write) issues exist in test_compr_eb()
that can result in an application crash or arbitrary code execution.

- CVE-2014-8141 (out-of-bounds read)

Two out-of-bounds read issues exist in getZip64Data() that allow attackers
to cause a denial of service.

Impact
======

An attacker is able to execute arbitrary code or cause a denial of service
through a specially crafted zip file passed to the command unzip -t.

References
==========

https://www.ocert.org/advisories/ocert-2014-011.html
https://access.redhat.com/security/cve/CVE-2014-8139
https://access.redhat.com/security/cve/CVE-2014-8140
https://access.redhat.com/security/cve/CVE-2014-8141
https://bugs.archlinux.org/task/43300
https://bugs.archlinux.org/task/43391