(RHSA-2007:0203) Low: unzip security and bug fix update

2007-05-01T04:00:00
ID RHSA-2007:0203
Type redhat
Reporter RedHat
Modified 2017-09-08T11:51:54

Description

The unzip utility is used to list, test, or extract files from a zip archive.

A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed. (CVE-2005-2475)

A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running Unzip with a specially crafted long file name, an attacker could execute arbitrary code with that user's privileges. (CVE-2005-4667)

As well, this update adds support for files larger than 2GB.

All users of unzip should upgrade to these updated packages, which contain backported patches that resolve these issues.
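
For the race condition above (CVE-2005-2475), this added example contrasts a path-based permission change with a descriptor-based one. It is not code from Red Hat or from unzip. The racy function is an assumed simplification of the flaw's shape, and all function names and the sample file name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write all of buf to fd; returns 0 on success, -1 on error. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Racy pattern (assumed shape of the flaw): the mode is applied by NAME after
 * the file is closed, so chmod() acts on whatever that name refers to by then. */
int extract_member_racy(const char *path, const char *data, size_t len, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (write_all(fd, data, len) < 0) { close(fd); return -1; }
    if (close(fd) < 0) return -1;
    return chmod(path, mode & 0777);   /* path is resolved a second time here */
}

/* Hardened pattern: create exclusively, refuse a symlink at the final path
 * component, and set the mode on the descriptor that was written to. */
int extract_member_safe(const char *path, const char *data, size_t len, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (write_all(fd, data, len) < 0 || fchmod(fd, mode & 0777) < 0) {
        close(fd);
        unlink(path);   /* drop the partial output file */
        return -1;
    }
    return close(fd);
}

int main(void)
{
    unlink("member.txt");   /* constructed sample output name */
    printf("safe extract: %d\n", extract_member_safe("member.txt", "hello\n", 6, 0644));
    return 0;
}
```

Because `fchmod()` operates on the open file rather than on its name, replacing the directory entry between the write and the permission change does not redirect the change to another file.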