Mandriva Linux Security Advisory : unzip (MDVSA-2015:123)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated unzip package fix security vulnerabilities :

The unzip command line tool is affected by heap-based buffer overflows
within the CRC32 verification (CVE-2014-8139), the test_compr_eb()
(CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The
input errors may result in in arbitrary code execution. A specially
crafted zip file, passed to the command unzip -t, can be used to
trigger the vulnerability.

OOB access (both read and write) issues also exist in test_compr_eb()
that can result in application crash or other unspecified impact. A
specially crafted zip file, passed to the command unzip -t, can be
used to trigger the issues.

See also :

http://advisories.mageia.org/MGASA-2014-0562.html

Solution :

Update the affected unzip package.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82376 ()

Bugtraq ID:

CVE ID: CVE-2014-8139
CVE-2014-8140
CVE-2014-8141

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now