Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in UnZip
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in UnZip
ID: USN-2489-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10
Datum: Di, 3. Februar 2015, 23:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636
Applikationen: UnZip

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6671464773922774644==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="mvG8qTOq5r4sKl8bGIEGCmtOKnTJ4gu5m"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--mvG8qTOq5r4sKl8bGIEGCmtOKnTJ4gu5m
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2489-1
February 03, 2015

unzip vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Details:

Michal Zalewski discovered that unzip incorrectly handled certain
malformed zip archives. If a user or automated system were tricked into
processing a specially crafted zip archive, an attacker could possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
unzip 6.0-12ubuntu1.2

Ubuntu 14.04 LTS:
unzip 6.0-9ubuntu1.2

Ubuntu 12.04 LTS:
unzip 6.0-4ubuntu2.2

Ubuntu 10.04 LTS:
unzip 6.0-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2489-1
CVE-2014-9636

Package Information:
https://launchpad.net/ubuntu/+source/unzip/6.0-12ubuntu1.2
https://launchpad.net/ubuntu/+source/unzip/6.0-9ubuntu1.2
https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.2
https://launchpad.net/ubuntu/+source/unzip/6.0-1ubuntu0.2



--mvG8qTOq5r4sKl8bGIEGCmtOKnTJ4gu5m
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJU0RNsAAoJEGVp2FWnRL6TC7cP/RLlbiBVS8rxELJjBLfHdzeF
xr1376NF2bwOkxL9FOp2pjjmJWJ7nG0eC1qpGdxYvmn5Afu8q8QdYNTXafYDLr6e
Cljl7njPXCcFI8VTCKHxKnqDXCq8EYlZtPxQLtOpo5W1FDkA//FV2pau5BlWCTiS
3kuAyfkK702QvuqmvCRW0ITc8dJfgeF+4MbR+SQZc/6PuMrEld9bdltwcv26KdTF
jENSZ+ovIQN0bxZ/koGhYXqQVnzRszLUGbGBQ39b7NlCknlahhdod8JM6c+6xqwX
pwQB/R6PNtioqulN8lLVoaRst0puOI5FfQEoUprQHUW1XXcXNe/kg7oESCPu+oc3
x0yLRT2M3SVxYeXVJ3+sOICnEU9xg5e+O0gg0/TWT4cewVR+1X0N1Z7uKsvulyhV
VmrBMo30yjgpAyqM83ptAn2Ard+dfOFxjXSrdFSXogGVqT6DVp7kqvQoYYIMgPYj
ny2Yiq+BeMRf2AhgYz3qn3l3aZSzfd1xl8XkNhy6vKfufIwDnFyvqgOah6ojHQ4v
3811z9+oyrPon4irU3vtawYBG15QNK9zsD+FQP03bP0xgV6BEQEiooIAkPmEnjOW
yNpRAp8Ftg1CI7KlL9Dvwx6mkw9bdIsq/a9iZ3zHm4py1eM9gvxAShIYOhK4DPdj
3BIZSscoPsnKZ0ekUCDU
=/bLx
-----END PGP SIGNATURE-----

--mvG8qTOq5r4sKl8bGIEGCmtOKnTJ4gu5m--


--===============6671464773922774644==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6671464773922774644==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung