FEDORA-2015-2035 — security update for unzip

stable

unzip-6.0-20.fc21

FEDORA-2015-2035 created by pstodulk 10 years ago for Fedora 21

Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
Fix buffer overflow on long file sizes (#1191136)
CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)
Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
Fix buffer overflow on long file sizes (#1191136)
Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
Fix buffer overflow on long file sizes (#1191136)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-2035

This update has been submitted for testing by pstodulk.

10 years ago

empateinfinito commented & provided feedback 10 years ago

karma

work fine for me :)

Critical path update approved

10 years ago

taskotron commented 10 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36737/steps/runtask/logs/stdio (results are informative only)

taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36746/steps/runtask/logs/stdio (results are informative only)

taskotron commented 10 years ago

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36737/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update is currently being pushed to the Fedora 21 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

flo commented & provided feedback 10 years ago

karma

works fine for me

yograterol provided feedback 10 years ago

karma

This update has reached the stable karma threshold and will be pushed to the stable updates repository

10 years ago

taskotron commented 10 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/37517/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

10 years ago

in testing

10 years ago

in stable

10 years ago

Builds

unzip-6.0-20.fc21

BZ#1174844 CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)

BZ#1174851 CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)

BZ#1174856 CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)

BZ#1184985 CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c

BZ#1184986 CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]

BZ#1191118 CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]

BZ#1191136 unzip: buffer overflows on long compression factors and methods

unzip-6.0-20.fc21

Automated Test Results

None