Debian Local Security Checks : Debian Security Advisory DSA 3152-1 (unzip

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.703152

Categoría: Debian Local Security Checks

Título: Debian Security Advisory DSA 3152-1 (unzip - security update)

Resumen: A flaw was found in the test_compr_eb();function allowing out-of-bounds read and write access to memory locations. By;carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow,;resulting in application crash or possibly having other unspecified impact.

Descripción: Summary:
A flaw was found in the test_compr_eb()
function allowing out-of-bounds read and write access to memory locations. By
carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow,
resulting in application crash or possibly having other unspecified impact.

Affected Software/OS:
unzip on Debian Linux

Solution:
For the stable distribution (wheezy),
this problem has been fixed in version 6.0-8+deb7u2. Additionally this update
corrects a defective patch applied to address CVE-2014-8139, which caused a
regression with executable jar files.

For the unstable distribution (sid), this problem has been fixed in
version 6.0-15. The defective patch applied to address CVE-2014-8139
was corrected in version 6.0-16.

We recommend that you upgrade your unzip packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8139
http://www.ocert.org/advisories/ocert-2014-011.html
http://www.securitytracker.com/id/1031433
https://access.redhat.com/errata/RHSA-2015:0700
https://bugzilla.redhat.com/show_bug.cgi?id=1174844
Common Vulnerability Exposure (CVE) ID: CVE-2014-9636
BugTraq ID: 71825
http://www.securityfocus.com/bid/71825
Debian Security Information: DSA-3152 (Google Search)
http://www.debian.org/security/2015/dsa-3152
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html
https://security.gentoo.org/glsa/201611-01
http://seclists.org/oss-sec/2014/q4/489
http://seclists.org/oss-sec/2014/q4/496
http://seclists.org/oss-sec/2015/q1/216
http://seclists.org/oss-sec/2014/q4/1131
http://secunia.com/advisories/62738
http://secunia.com/advisories/62751
http://www.ubuntu.com/usn/USN-2489-1

Copyright Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.703152
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 3152-1 (unzip - security update)
Resumen:	A flaw was found in the test_compr_eb();function allowing out-of-bounds read and write access to memory locations. By;carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow,;resulting in application crash or possibly having other unspecified impact.
Descripción:	Summary: A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. Affected Software/OS: unzip on Debian Linux Solution: For the stable distribution (wheezy), this problem has been fixed in version 6.0-8+deb7u2. Additionally this update corrects a defective patch applied to address CVE-2014-8139, which caused a regression with executable jar files. For the unstable distribution (sid), this problem has been fixed in version 6.0-15. The defective patch applied to address CVE-2014-8139 was corrected in version 6.0-16. We recommend that you upgrade your unzip packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8139 http://www.ocert.org/advisories/ocert-2014-011.html http://www.securitytracker.com/id/1031433 https://access.redhat.com/errata/RHSA-2015:0700 https://bugzilla.redhat.com/show_bug.cgi?id=1174844 Common Vulnerability Exposure (CVE) ID: CVE-2014-9636 BugTraq ID: 71825 http://www.securityfocus.com/bid/71825 Debian Security Information: DSA-3152 (Google Search) http://www.debian.org/security/2015/dsa-3152 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html https://security.gentoo.org/glsa/201611-01 http://seclists.org/oss-sec/2014/q4/489 http://seclists.org/oss-sec/2014/q4/496 http://seclists.org/oss-sec/2015/q1/216 http://seclists.org/oss-sec/2014/q4/1131 http://secunia.com/advisories/62738 http://secunia.com/advisories/62751 http://www.ubuntu.com/usn/USN-2489-1
Copyright	Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net