UnZip: Multiple vulnerabilities

2016-11-01T00:00:00
ID GLSA-201611-01
Type gentoo
Reporter Gentoo Foundation
Modified 2016-11-01T00:00:00

Description

Background

Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files.

Description

Multiple vulnerabilities were found in UnZip. Please review the referenced CVE’s for additional information.

Impact

Remote attackers could execute arbitrary code or cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All UnZip users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p20"