[prev in list] [next in list] [prev in thread] [next in thread]
List: ubuntu-security-announce
Subject: [USN-4672-1] unzip vulnerabilities
From: Avital Ostromich <avital.ostromich () canonical ! com>
Date: 2020-12-16 20:40:06
Message-ID: 41610769-bd27-965d-6e6c-a6374eefabc5 () canonical ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/mixed)]
[Attachment #6 (multipart/alternative)]
==========================================================================
Ubuntu Security Notice USN-4672-1
December 16, 2020
unzip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in unzip.
Software Description:
- unzip: De-archiver for .zip files
Details:
Rene Freingruber discovered that unzip incorrectly handled certain
specially crafted password protected ZIP archives. If a user or automated
system using unzip were tricked into opening a specially crafted zip file,
an attacker could exploit this to cause a crash, resulting in a denial of
service. (CVE-2018-1000035)
Antonio Carista discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2018-18384)
It was discovered that unzip incorrectly handled certain specially crafted
ZIP archives. If a user or automated system using unzip were tricked into
opening a specially crafted zip file, an attacker could exploit this to
cause resource consumption, resulting in a denial of service.
(CVE-2019-13232)
Martin Carpenter discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2014-9913)
Alexis Vanden Eijnde discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2016-9844)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
unzip 6.0-21ubuntu1.1
Ubuntu 16.04 LTS:
unzip 6.0-20ubuntu1.1
Ubuntu 14.04 ESM:
unzip 6.0-9ubuntu1.6
Ubuntu 12.04 ESM:
unzip 6.0-4ubuntu2.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4672-1
CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384,
CVE-2019-13232
Package Information:
https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1
https://launchpad.net/ubuntu/+source/unzip/6.0-20ubuntu1.1
[Attachment #9 (text/html)]
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>
</p>
<div class="moz-text-plain" wrap="true" style="font-family:
-moz-fixed; font-size: 12px;" lang="x-unicode">
<pre class="moz-quote-pre" \
wrap="">========================================================================== \
Ubuntu Security Notice USN-4672-1 December 16, 2020
unzip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in unzip.
Software Description:
- unzip: De-archiver for .zip files
Details:
Rene Freingruber discovered that unzip incorrectly handled certain
specially crafted password protected ZIP archives. If a user or automated
system using unzip were tricked into opening a specially crafted zip file,
an attacker could exploit this to cause a crash, resulting in a denial of
service. (CVE-2018-1000035)
Antonio Carista discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2018-18384)
It was discovered that unzip incorrectly handled certain specially crafted
ZIP archives. If a user or automated system using unzip were tricked into
opening a specially crafted zip file, an attacker could exploit this to
cause resource consumption, resulting in a denial of service.
(CVE-2019-13232)
Martin Carpenter discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2014-9913)
Alexis Vanden Eijnde discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2016-9844)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
unzip 6.0-21ubuntu1.1
Ubuntu 16.04 LTS:
unzip 6.0-20ubuntu1.1
Ubuntu 14.04 ESM:
unzip 6.0-9ubuntu1.6
Ubuntu 12.04 ESM:
unzip 6.0-4ubuntu2.6
In general, a standard system update will make all the necessary changes.
References:
<a class="moz-txt-link-freetext" \
href="https://usn.ubuntu.com/4672-1">https://usn.ubuntu.com/4672-1</a> \
CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, CVE-2019-13232
Package Information:
<a class="moz-txt-link-freetext" \
href="https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1">https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1</a>
<a class="moz-txt-link-freetext" \
href="https://launchpad.net/ubuntu/+source/unzip/6.0-20ubuntu1.1">https://launchpad.net/ubuntu/+source/unzip/6.0-20ubuntu1.1</a>
</pre>
</div>
</body>
</html>
["signature.asc" (application/pgp-signature)]
[Attachment #11 (text/plain)]
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic