Debian DLA-330-1 : unzip security update
Medium Nessus Plugin ID 86551
Synopsis
The remote Debian host is missing a security update.
Description
Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a heap overflow and to a denial of service with specially crafted password-protected ZIP archives.
For Debian 6 squeeze, these issues have been fixed in unzip 6.0-4+deb6u3.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected unzip package.