[arch-security] [ASA-201503-9] unzip: arbitrary code execution
anthraxx at archlinux.org
Sun Mar 15 05:35:02 UTC 2015
Arch Linux Security Advisory ASA-201503-9
Date : 2015-03-15
CVE-ID : CVE-2014-9636
Package : unzip
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package unzip before version 6.0-10 is vulnerable to heap buffer
overflow leading to denial of service or possibly arbitrary code execution.
Upgrade to 6.0-10.
# pacman -Syu "unzip>=6.0-10"
The problems have not been fixed upstream but patches were added.
A buffer overflow (out-of-bounds read or write) in test_compr_eb() in
extract.c was found in the way unzip handled an extra field with an
uncompressed size smaller than the compressed field size in a zip
archive that advertises STORED method compression. A specially crafted
Zip archive could cause unzip to crash or, possibly, execute arbitrary code.
An attacker is able to execute arbitrary code or cause a denial of
service through a specially crafted zip file.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security