- Vulnerabilities 73,499
Debian Security Advisory DSA 3113-1 (unzip - security update)
Published: 2014-12-27 23:00:00
CVE Author: NIST National Vulnerability Database (NVD)
CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type:
Vendor Patch
Affected Versions:
unzip on Debian Linux
Recommendations:
For the stable distribution (wheezy),
these problems have been fixed in version 6.0-8+deb7u1.
For the upcoming stable distribution (jessie), these problems will be
fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 6.0-13.
We recommend that you upgrade your unzip Linux Distribution Packages.
Summary:
Michele Spagnuolo of the Google
Security Team discovered that unzip, an extraction utility for archives
compressed in .zip format, is affected by heap-based buffer overflows within
the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function
(CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead
to the execution of arbitrary code.
Detection Method:
This check tests the installed software
version using the apt Linux Distribution Package manager.
Detection Type:
Linux Distribution Package
https://nvd.nist.gov/vuln/detail/CVE-2014-8139
https://nvd.nist.gov/vuln/detail/CVE-2014-8140
https://nvd.nist.gov/vuln/detail/CVE-2014-8141
You never have to pay for a vulnerability scanning and management software again.
Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.