Bug 37657 - unzip: Denial of service (4.1)
unzip: Denial of service (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P3 normal (vote)
: UCS 4.1-4-errata
Assigned To: Arvid Requate
Jürn Brodersen
:
Depends on: 37656
Blocks: 45177
  Show dependency treegraph
 
Reported: 2015-02-02 08:07 CET by Moritz Muehlenhoff
Modified: 2017-10-26 13:53 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 6.8 (CVSSv2:AV:N/AC:M/Au:N/C:P/I:P/A:P)
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2015-02-02 08:07:21 CET
Out of bands memory read when processing malformed ZIP archives (CVE-2014-9636)
Comment 1 Arvid Requate univentionstaff 2015-04-30 19:39:21 CEST
Fix available in Debian version 6.0-8+deb7u2
Comment 2 Arvid Requate univentionstaff 2016-12-15 15:26:05 CET
6.0-8+deb7u2 also fixes a regression introduced while fixing CVE-2014-8139.


Upstream Debian package version 6.0-8+deb7u4 fixes these additional issues:

* Fix infinite loop when extracting password-protected archive (CVE-2015-7696, CVE-2015-7697)

Upstream Debian package version 6.0-8+deb7u6 fixes these issues:

* Buffer overflow in "unzip -l" via list_files() in list.c (CVE-2014-9913)
* zipinfo buffer overflow (CVE-2016-9844)

Of all of these CVE-2014-9636 has the highest CVSSv2 score.
Comment 3 Arvid Requate univentionstaff 2017-08-10 14:28:18 CEST
repo_admin.py -U -d wheezy -r 4.1 -s errata4.1-4 -p unzip
b41-scope errata4.1-4 unzip

Advisory: unzip.yaml
Comment 4 Jürn Brodersen univentionstaff 2017-08-11 12:35:45 CEST
Looks good
What I tested
Tried unzip -> OK
changelog -> OK
YAML -> OK

Verified
Comment 5 Erik Damrose univentionstaff 2017-08-16 13:34:08 CEST
<http://errata.software-univention.de/ucs/4.1/449.html>