==========================================================================
Ubuntu Security Notice USN-4672-1
December 16, 2020

unzip vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in unzip.

Software Description:
- unzip: De-archiver for .zip files

Details:

Rene Freingruber discovered that unzip incorrectly handled certain
specially crafted password protected ZIP archives. If a user or automated
system using unzip were tricked into opening a specially crafted zip file,
an attacker could exploit this to cause a crash, resulting in a denial of
service. (CVE-2018-1000035)

Antonio Carista discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2018-18384)

It was discovered that unzip incorrectly handled certain specially crafted
ZIP archives. If a user or automated system using unzip were tricked into
opening a specially crafted zip file, an attacker could exploit this to
cause resource consumption, resulting in a denial of service.
(CVE-2019-13232)

Martin Carpenter discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2014-9913)

Alexis Vanden Eijnde discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2016-9844)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  unzip 6.0-21ubuntu1.1

Ubuntu 16.04 LTS:
  unzip 6.0-20ubuntu1.1

Ubuntu 14.04 ESM:
  unzip 6.0-9ubuntu1.6

Ubuntu 12.04 ESM:
  unzip 6.0-4ubuntu2.6

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4672-1
  CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384,
  CVE-2019-13232

Package Information:
  https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1
  https://launchpad.net/ubuntu/+source/unzip/6.0-20ubuntu1.1