UbuntuUpdates.org

Package "unzip"

Name: unzip

Description:

De-archiver for .zip files
Latest version: 6.0-9ubuntu1.5
Release: trusty (14.04)
Level: security
Repository: main
Homepage: http://www.info-zip.org/UnZip.html

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "unzip"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "unzip" in Trusty

Repository Area Version
base main 6.0-9ubuntu1
updates main 6.0-9ubuntu1.5

Changelog

Version: 6.0-9ubuntu1.5 2015-11-09 17:06:16 UTC

  unzip (6.0-9ubuntu1.5) trusty-security; urgency=medium

  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

 -- Marc Deslauriers Mon, 09 Nov 2015 09:16:57 -0600
Source diff to previous version
1513293 unzip security update leads to extracting errors

Version: 6.0-9ubuntu1.4 2015-10-29 18:06:18 UTC

  unzip (6.0-9ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow
    - debian/patches/14-cve-2015-7696: add check to crypt.c.
    - CVE-2015-7696
  * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
    - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
    - CVE-2015-7697
  * SECURITY UPDATE: unsigned overflow on invalid input
    - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
      csiz_decrypted doesn't overflow in extract.c.
    - No CVE number

 -- Marc Deslauriers Thu, 29 Oct 2015 10:33:05 -0400
Source diff to previous version
CVE-2015-7696 Heap buffer overflow when extracting password-protected archive
CVE-2015-7697 Infinite loop when extracting password-protected archive

Version: 6.0-9ubuntu1.3 2015-02-17 21:06:41 UTC

  unzip (6.0-9ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow in charset_to_intern()
    - debian/patches/06-unzip60-alt-iconv-utf8: updated to fix buffer
      overflow in unix/unix.c.
    - CVE-2015-1315
  * SECURITY REGRESSION: regression with executable jar files
    - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      regression.
  * SECURITY REGRESSION: regression with certain compressed data headers
    - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
      regression.
 -- Marc Deslauriers <email address hidden> Tue, 17 Feb 2015 14:17:20 -0500
Source diff to previous version

Version: 6.0-9ubuntu1.2 2015-02-03 19:06:20 UTC

  unzip (6.0-9ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
      uncompressed block sizes match when using STORED method in extract.c.
    - CVE-2014-9636
 -- Marc Deslauriers <email address hidden> Thu, 29 Jan 2015 11:37:34 -0500
Source diff to previous version
CVE-2014-9636 OOB access (both read and write) issues in test_compr_eb

Version: 6.0-9ubuntu1.1 2015-01-15 03:07:29 UTC

  unzip (6.0-9ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: CRC32 verification heap-based overflow
    - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
      length in extract.c.
    - CVE-2014-8139
  * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
    - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
      sizes in extract.c.
    - CVE-2014-8140
  * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
    - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
      in fileio.c, check sizes in process.c.
    - CVE-2014-8141
 -- Marc Deslauriers <email address hidden> Wed, 07 Jan 2015 16:14:02 -0500
CVE-2014-8139 CRC32 heap overflow
CVE-2014-8140 heap overflow in test_compr_eb
CVE-2014-8141 heap overflow in getZip64Data


About   -   Send Feedback to @ubuntu_updates