Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : unzip regression (USN-2788-2)
Medium Nessus Plugin ID 86809
Synopsis
The remote Ubuntu host is missing a security-related patch.
Description
USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem.
We apologize for the inconvenience.
Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. (CVE-2015-7696)
Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. (CVE-2015-7697)
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected unzip package.