Fedora 20 : unzip-6.0-17.fc20 (2015-1993)

medium Nessus Plugin ID 81454

Synopsis

The remote Fedora host is missing a security update.

Description

- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)

- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)

- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)

- Fix buffer overflow on long file sizes (#1191136)

- CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)

- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)

- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)

- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)

- Fix buffer overflow on long file sizes (#1191136)

- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)

- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)

- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)

- Fix buffer overflow on long file sizes (#1191136)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected unzip package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1174844

https://bugzilla.redhat.com/show_bug.cgi?id=1174851

https://bugzilla.redhat.com/show_bug.cgi?id=1174856

https://bugzilla.redhat.com/show_bug.cgi?id=1184985

https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7

http://www.nessus.org/u?db3e9802

Plugin Details

Severity: Medium

ID: 81454

File Name: fedora_2015-1993.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2/24/2015

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:unzip, cpe:/o:fedoraproject:fedora:20

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2/14/2015

Reference Information

CVE: CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636

FEDORA: 2015-1993