Lucene search

K
osvGoogleOSV:DSA-3386-2
HistoryOct 31, 2015 - 12:00 a.m.

unzip - regression update

2015-10-3100:00:00
Google
osv.dev
17
unzip
vulnerabilities
security update

EPSS

0.047

Percentile

92.7%

Two vulnerabilities have been found in unzip, a de-archiver for .zip
files. The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2015-7696
    Gustavo Grieco discovered that unzip incorrectly handled certain
    password protected archives. If a user or automated system were
    tricked into processing a specially crafted zip archive, an attacker
    could possibly execute arbitrary code.
  • CVE-2015-7697
    Gustavo Grieco discovered that unzip incorrectly handled certain
    malformed archives. If a user or automated system were tricked into
    processing a specially crafted zip archive, an attacker could
    possibly cause unzip to hang, resulting in a denial of service.

For the oldstable distribution (wheezy), these problems have been fixed
in version 6.0-8+deb7u4.

For the stable distribution (jessie), these problems have been fixed in
version 6.0-16+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 6.0-19.

For the unstable distribution (sid), these problems have been fixed in
version 6.0-19.

We recommend that you upgrade your unzip packages.