GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Nov 01, 2016 1:26 pm Post subject: [ GLSA 201611-01 ] UnZip
Gentoo Linux Security Advisory
Title: UnZip: Multiple vulnerabilities (GLSA 201611-01)
Severity: normal
Exploitable: remote
Date: November 01, 2016
Bug(s): #528082, #533748, #537424, #560416
ID: 201611-01
Synopsis
Multiple vulnerabilities have been found in UnZip allowing remote
attackers to execute arbitrary code and cause Denial of Service.
Background
Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP
compressed files.
Affected Packages
Package: app-arch/unzip
Vulnerable: < 6.0_p20
Unaffected: >= 6.0_p20
Architectures: All supported architectures
Description
Multiple vulnerabilities were found in UnZip. Please review the
referenced CVEs for additional information.
Impact
Remote attackers could execute arbitrary code or cause Denial of
Service.
Workaround
There is no known workaround at this time.
Resolution
All UnZip users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p20"
References
CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
CVE-2014-9636