Tuesday, February 3, 2015

USN-2489-1: unzip vulnerability

Ubuntu Security Notice USN-2489-1


3rd February, 2015


unzip vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.10

  • Ubuntu 14.04 LTS

  • Ubuntu 12.04 LTS

  • Ubuntu 10.04 LTS


Software description



  • unzip - De-archiver for .zip files


Details


Michal Zalewski discovered that unzip incorrectly handled certain

malformed zip archives. If a user or automated system were tricked into

processing a specially crafted zip archive, an attacker could possibly

execute arbitrary code.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 14.10:

unzip 6.0-12ubuntu1.2

Ubuntu 14.04 LTS:

unzip 6.0-9ubuntu1.2

Ubuntu 12.04 LTS:

unzip 6.0-4ubuntu2.2

Ubuntu 10.04 LTS:

unzip 6.0-1ubuntu0.2


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


In general, a standard system update will make all the necessary changes.


References


CVE-2014-9636






from Ubuntu Security Notices http://bit.ly/18KS4vl
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)