[SECURITY] [DLA 124-1] unzip security update

2014-12-28T19:15:35
ID DEBIAN:DLA-124-1:6E749
Type debian
Reporter Debian
Modified 2014-12-28T19:15:35

Description

Package : unzip Version : 6.0-4+deb6u1 CVE ID : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 Debian Bug : 773722

Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.