Updated unzip packages fix security vulnerabilities
Publication date: 30 Oct 2018Modification date: 30 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000031 , CVE-2018-1000032 , CVE-2018-1000033 , CVE-2018-1000034 , CVE-2018-1000035
Description
Updated unzip packages fix security vulnerabilities
Heap-based out-of-bounds write (CVE-2018-1000031).
Heap/BSS-based buffer overflow (Bypass of CVE-2015-1315)
(CVE-2018-1000032).
Heap out-of-bounds access in ef_scan_for_stream (CVE-2018-1000033).
Multiple vulnerabilities in the LZMA compression algorithm
(CVE-2018-1000034).
Heap-based buffer overflow in password protected ZIP archives
(CVE-2018-1000035).
References
- https://bugs.mageia.org/show_bug.cgi?id=22571
- https://www.openwall.com/lists/oss-security/2018/02/08/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000031
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000034
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035
SRPMS
6/core
- unzip-6.1c-1.1.mga6