FEDORA-2015-2035 — security update for unzip

stable

unzip-6.0-20.fc21

FEDORA-2015-2035 created by pstodulk 8 years ago for Fedora 21

Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
Fix buffer overflow on long file sizes (#1191136)
CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)
Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
Fix buffer overflow on long file sizes (#1191136)
Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
Fix buffer overflow on long file sizes (#1191136)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2015-2035

This update has been submitted for testing by pstodulk.

8 years ago

empateinfinito commented & provided feedback 8 years ago

karma

work fine for me :)

Critical path update approved

8 years ago

taskotron commented 8 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36737/steps/runtask/logs/stdio (results are informative only)

taskotron commented 8 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36746/steps/runtask/logs/stdio (results are informative only)

taskotron commented 8 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36737/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

8 years ago

This update is currently being pushed to the Fedora 21 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago

flo commented & provided feedback 8 years ago

karma

works fine for me

yograterol provided feedback 8 years ago

karma

This update has reached the stable karma threshold and will be pushed to the stable updates repository

8 years ago

taskotron commented 8 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/37517/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

8 years ago

This update has been pushed to stable

8 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Builds

unzip-6.0-20.fc21

Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

8 years ago

in testing

8 years ago

in stable

8 years ago

BZ#1174844 CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)

BZ#1174851 CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)

BZ#1174856 CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)

BZ#1184985 CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c

BZ#1184986 CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]

BZ#1191118 CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]

BZ#1191136 unzip: buffer overflows on long compression factors and methods

unzip-6.0-20.fc21

Automated Test Results

None