DebianDEBIAN:DSA-1012-1:D890C[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution
6.6 Medium
AI Score
Confidence
Low
3.7 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.7%
Debian Security Advisory DSA 1012-1 [email protected]
http://www.debian.org/security/ Martin Schulze
March 21st, 2006 http://www.debian.org/security/faq
Package : unzip
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-4667
CERT advisory :
BugTraq ID : 15968
Debian Bug : 349794.
A buffer overflow in the command line argument parsing has been
discovered in unzip, the de-archiver for ZIP files that could lead to
the execution of arbitrary code.
For the old stable distribution (woody) this problem has been fixed in
version 5.50-1woody6.
For the stable distribution (sarge) this problem has been fixed in
version 5.52-1sarge4.
For the unstable distribution (sid) this problem has been fixed in
version 5.52-7.
We recommend that you upgrade your unzip package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.dsc
Size/MD5 checksum: 571 cc14465fbe413ef3a7f5c5d9ffc117ce
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.diff.gz
Size/MD5 checksum: 7373 6964744843adce4de0913f5ff9a0e710
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50.orig.tar.gz
Size/MD5 checksum: 1068379 6d27bcdf9b51d0ad0f78161d0f99582e
Alpha architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_alpha.deb
Size/MD5 checksum: 160670 5314de93efaf4eb391d151fc99b76385
ARM architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_arm.deb
Size/MD5 checksum: 139532 52ce821cdbeb1055acf4000adcbecf10
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_i386.deb
Size/MD5 checksum: 122950 783758b4c93d0be1c2aad7b2cf41a4a4
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_ia64.deb
Size/MD5 checksum: 191146 90a66edf48109c217d9da2615a99e32a
HP Precision architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_hppa.deb
Size/MD5 checksum: 147126 4b49f39b4fe4142716df95c08f61a66b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_m68k.deb
Size/MD5 checksum: 119684 51c36fc99310866c4158b4962f80354f
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mips.deb
Size/MD5 checksum: 143092 988785cbcb0ef2d656c82396b1a3d084
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mipsel.deb
Size/MD5 checksum: 143534 6f4ee2d9bcadf4aef4dadaf16c270024
PowerPC architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_powerpc.deb
Size/MD5 checksum: 136544 41839b724b2f0f5faee98bb410b92015
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_s390.deb
Size/MD5 checksum: 137202 e55b19543ea9b5526daf45506e07a373
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_sparc.deb
Size/MD5 checksum: 147670 9e0bcfaa072cf09b67b3af6361b6941c
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.dsc
Size/MD5 checksum: 528 fa94e70012ca87d3c47a32cc1a5ee8d1
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.diff.gz
Size/MD5 checksum: 5970 d90c45ee99376216714a74619e9dd241
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
Size/MD5 checksum: 1140291 9d23919999d6eac9217d1f41472034a9
Alpha architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_alpha.deb
Size/MD5 checksum: 175568 2c937f3342f888c177d14b508c5bcfc2
AMD64 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_amd64.deb
Size/MD5 checksum: 154984 a4b1a683d280713aa81e19b2b2576894
ARM architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_arm.deb
Size/MD5 checksum: 155496 ae1fe7b4d009fa7cfb838e86e53c3017
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_i386.deb
Size/MD5 checksum: 145018 8e5def26db7c48b5c13374d8721c78f0
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_ia64.deb
Size/MD5 checksum: 206712 72bccff65305290aeb40a548ee134b72
HP Precision architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_hppa.deb
Size/MD5 checksum: 162914 4e946c0b5fbdb669f9b4dcc7b04dcffa
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_m68k.deb
Size/MD5 checksum: 133792 5cb71bb725b0f0e12b14103ad31832d2
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mips.deb
Size/MD5 checksum: 163458 c11e854b0131f93c9debf23b18e3e49a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mipsel.deb
Size/MD5 checksum: 164040 049471a42b402971801375b6bc40825a
PowerPC architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_powerpc.deb
Size/MD5 checksum: 157426 d717ec6573055c17931206906dc8b580
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_s390.deb
Size/MD5 checksum: 156594 6e200ece0aa56e8c67958568e43ea33c
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_sparc.deb
Size/MD5 checksum: 155024 ebba4fa2a38e5be774a06288860a4757
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 3 | all | unzip | < 5.50-1woody6 | unzip_5.50-1woody6_all.deb |
| Debian | 3.1 | all | unzip | < 5.52-1sarge4 | unzip_5.52-1sarge4_all.deb |
Related
6.6 Medium
AI Score
Confidence
Low
3.7 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.7%