Advisories » MGASA-2017-0015

Updated unzip package fixes security vulnerabilities

Publication date: 13 Jan 2017
Modification date: 13 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-9913 , CVE-2016-9844

Description

It was discovered that "unzip -l" (CVE-2014-9913) and "zipinfo"
(CVE-2016-9844) were vulnerable to buffer overflows when provided
malformed or maliciously-crafted ZIP files.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19899
• http://www.openwall.com/lists/oss-security/2016/12/05/20
• https://lwn.net/Alerts/708934/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9913
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9844

SRPMS

5/core

• unzip-6.0-13.3.mga5