Low: unzip

2020-10-22T18:43:00
ID ALAS2-2020-1550
Type amazon
Reporter Amazon
Modified 2020-10-22T18:43:00

Description

Issue Overview:

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. (CVE-2019-13232)
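For archives that must be handled before the update is in place, the overlap condition described above can be checked ahead of extraction. The following is an added example, not part of the advisory or of the unzip package; the function names and the sample data are constructed for illustration. It flags entries whose local header and compressed data share bytes with another entry.

```python
import io
import struct
import zipfile

def entry_extents(data):
    """Return (start, end, name) covering each entry's local header and compressed data."""
    extents = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            start = info.header_offset
            if start + 30 > len(data):
                raise ValueError(f"local header of {info.filename!r} is out of range")
            # Local file header: 30 fixed bytes, then file name and extra field,
            # whose lengths are the two uint16 values at offset 26.
            name_len, extra_len = struct.unpack_from("<HH", data, start + 26)
            # A trailing data descriptor is not counted, so the end is a lower
            # bound and the check cannot report an overlap that is not there.
            end = start + 30 + name_len + extra_len + info.compress_size
            extents.append((start, end, info.filename))
    return extents

def find_overlaps(extents):
    """Sweep extents in offset order and report pairs whose byte ranges intersect."""
    overlaps = []
    furthest_end, furthest_name = 0, None
    for start, end, name in sorted(extents):
        if furthest_name is not None and start < furthest_end:
            overlaps.append((furthest_name, name))
        if end > furthest_end:
            furthest_end, furthest_name = end, name
    return overlaps

def benign_archive():
    """Constructed sample: an ordinary two-file archive with disjoint entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", "alpha " * 100)
        zf.writestr("b.txt", "bravo " * 100)
    return buf.getvalue()

# Constructed extents in which two directory entries cover the same bytes.
OVERLAPPING_EXTENTS = [(0, 120, "a.txt"), (0, 120, "b.txt"), (120, 200, "c.txt")]

if __name__ == "__main__":
    print(find_overlaps(entry_extents(benign_archive())))
    print(find_overlaps(OVERLAPPING_EXTENTS))
```

An archive for which `find_overlaps` returns a non-empty list should be rejected or quarantined rather than extracted.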

Affected Packages:

unzip

Issue Correction:
Run yum update unzip to update your system.

New Packages:

aarch64:  
    unzip-6.0-21.amzn2.aarch64  
    unzip-debuginfo-6.0-21.amzn2.aarch64

i686:  
    unzip-6.0-21.amzn2.i686  
    unzip-debuginfo-6.0-21.amzn2.i686

src:  
    unzip-6.0-21.amzn2.src

x86_64:  
    unzip-6.0-21.amzn2.x86_64  
    unzip-debuginfo-6.0-21.amzn2.x86_64