Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : infozip (SSA:2005-121-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New infozip (zip/unzip) packages are available for Slackware 8.1,
9.0, 9.1, 10.0, 10.1, and -current to fix security issues. - From the
www.info-zip.org site: Zip 2.3 and (presumably) all previous versions
have a buffer- overrun vulnerability relating to deep directory paths
that could potentially lead to local privilege escalation (e.g., in
the case of automated, Zip-based backups). See the FAQ page for
details. All versions of UnZip through 5.50 have a number of
directory- traversal vulnerabilities, and version 5.50 also has a
textmode data- corruption bug that affects 16-bit ports such as
MS-DOS. See the FAQ page for details.

See also :

http://www.nessus.org/u?fe9992b8

Solution :

Update the affected infozip package.

Risk factor :

High

Family: Slackware Local Security Checks

Nessus Plugin ID: 18810 ()

Bugtraq ID:

CVE ID: