Arch Linux Security Advisory ASA-201503-9 ========================================= Severity: High Date : 2015-03-15 CVE-ID : CVE-2014-9636 Package : unzip Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package unzip before version 6.0-10 is vulnerable to heap buffer overflow leading to denial of service or possibly arbitrary code execution. Resolution ========== Upgrade to 6.0-10. # pacman -Syu "unzip>=6.0-10" The problems have not been fixed upstream but patches were added. Workaround ========== None. Description =========== A buffer overflow (out-of-bounds read or write) in test_compr_eb() in extract.c was found in the way unzip handled an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code. Impact ====== An attacker is able to execute arbitrary code or cause a denial of service through a specially crafted zip file. References ========== http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 https://access.redhat.com/security/cve/CVE-2014-9636 https://bugs.archlinux.org/task/44171