Univention Bugzilla – Bug 37657
unzip: Denial of service (4.1)
Last modified: 2017-10-26 13:53:54 CEST
Out of bounds memory read when processing malformed ZIP archives (CVE-2014-9636)
Fix available in Debian version 6.0-8+deb7u2
6.0-8+deb7u2 also fixes a regression introduced while fixing CVE-2014-8139.

Upstream Debian package version 6.0-8+deb7u4 fixes these additional issues:
* Fix infinite loop when extracting password-protected archive (CVE-2015-7696, CVE-2015-7697)

Upstream Debian package version 6.0-8+deb7u6 fixes these issues:
* Buffer overflow in "unzip -l" via list_files() in list.c (CVE-2014-9913)
* zipinfo buffer overflow (CVE-2016-9844)

Of all of these CVE-2014-9636 has the highest CVSSv2 score.
repo_admin.py -U -d wheezy -r 4.1 -s errata4.1-4 -p unzip
b41-scope errata4.1-4 unzip
Advisory: unzip.yaml
Looks good

What I tested
Tried unzip -> OK
changelog -> OK
YAML -> OK

Verified
<http://errata.software-univention.de/ucs/4.1/449.html>