Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
patchinfo.3339
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.3339
<patchinfo incident="3339"> <issue id="950110" tracker="bnc">VUL-1: CVE-2015-7696: unzip: heap overflow triggered by unzipping a file with password</issue> <issue id="950111" tracker="bnc">VUL-1: CVE-2015-7697: unzip: DoS with a file that never finishes unzipping</issue> <issue id="1013992" tracker="bnc">VUL-0: CVE-2016-9844: unzip: Buffer overflow in ZipInfo</issue> <issue id="1013993" tracker="bnc">VUL-0: CVE-2014-9913: unzip: Buffer overflow in "unzip -l" via list_files() in list.c</issue> <issue id="1080074" tracker="bnc">VUL-1: CVE-2018-1000035: unzip: [Heap-based buffer overflow in password protected ZIP archives]</issue> <issue id="910683" tracker="bnc">unzip fails to extract file generated by WS2012R2</issue> <issue id="914442" tracker="bnc">VUL-1: CVE-2014-9636: unzip: out-of-bounds read/write in test_compr_eb() in extract.c</issue> <issue id="2014-9636" tracker="cve" /> <issue id="2018-1000035" tracker="cve" /> <issue id="2015-7696" tracker="cve" /> <issue id="2015-7697" tracker="cve" /> <issue id="2016-9844" tracker="cve" /> <issue id="2014-9913" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>jmoellers</packager> <description>This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). This non-security issue was fixed: +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) </description> <summary>Security update for unzip</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
