Security update for unzip
SUSE Security Update: Security update for unzip
This update fixes the following security issues:
* CVE-2014-8139: heap overflow condition in the CRC32 verification
* CVE-2014-8140: write error (_8349_) shows a problem in
extract.c:test_compr_eb()
* CVE-2014-8141: read errors (_6430_, _3422_) show problems in
process.c:getZip64Data()
Security Issues:
* CVE-2014-8139
* CVE-2014-8140
* CVE-2014-8141
| Announcement ID: | SUSE-SU-2015:0070-1 |
| Rating: | moderate |
| References: | #909214 |
| Affected Products: |
An update that fixes three vulnerabilities is now available.
Description:
This update fixes the following security issues:
* CVE-2014-8139: heap overflow condition in the CRC32 verification
* CVE-2014-8140: write error (_8349_) shows a problem in
extract.c:test_compr_eb()
* CVE-2014-8141: read errors (_6430_, _3422_) show problems in
process.c:getZip64Data()
Security Issues:
* CVE-2014-8139
* CVE-2014-8140
* CVE-2014-8141
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-unzip-10159 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-unzip-10159 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-unzip-10159
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
- unzip-6.00-11.9.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- unzip-6.00-11.9.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- unzip-6.00-11.9.1
References:
- http://support.novell.com/security/cve/CVE-2014-8139.html
- http://support.novell.com/security/cve/CVE-2014-8140.html
- http://support.novell.com/security/cve/CVE-2014-8141.html
- https://bugzilla.suse.com/show_bug.cgi?id=909214
- http://download.suse.com/patch/finder/?keywords=b50fd3919c79cddfa486995f81297d4a