openSUSE Security Update : unzip (openSUSE-2015-119)
Medium Nessus Plugin ID 81252
SynopsisThe remote openSUSE host is missing a security update.
Descriptionunzip was updated to fix security issues.
The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() functions (CVE-2014-8141). The input errors may result in in arbitrary code execution.
More info can be found in the oCert announcement:
SolutionUpdate the affected unzip packages.