Описание
Security update for unzip
unzip was updated to fix one security issue.
This security issue was fixed:
- Out-of-bounds read/write in test_compr_eb() in extract.c (CVE-2014-9636).
Список пакетов
SUSE Linux Enterprise Desktop 12
unzip-6.00-32.1
SUSE Linux Enterprise Server 12
unzip-6.00-32.1
SUSE Linux Enterprise Server for SAP Applications 12
unzip-6.00-32.1
Ссылки
- Link for SUSE-SU-2015:0355-1
- E-Mail link for SUSE-SU-2015:0355-1
- SUSE Security Ratings
- SUSE Bug 914442
- SUSE CVE CVE-2014-9636 page
Описание
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:unzip-6.00-32.1
SUSE Linux Enterprise Server 12:unzip-6.00-32.1
SUSE Linux Enterprise Server for SAP Applications 12:unzip-6.00-32.1
Ссылки
- CVE-2014-9636
- SUSE Bug 914442