drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in UnZip (Aktualisierung)
Name: |
Zwei Probleme in UnZip (Aktualisierung) |
|
ID: |
USN-2788-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.04, Ubuntu 15.10 |
|
Datum: |
Mo, 9. November 2015, 22:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 |
|
Applikationen: |
UnZip |
|
Update von: |
Zwei Probleme in UnZip |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1357104910767590030== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="IJ3cL4RRGWpIrkPlSaeKGeDC8OCPaMkU5"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --IJ3cL4RRGWpIrkPlSaeKGeDC8OCPaMkU5 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2788-2 November 09, 2015
unzip regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
USN-2788-1 introduced a regression in unzip.
Software Description: - unzip: De-archiver for .zip files
Details:
USN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. (CVE-2015-7696) Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. (CVE-2015-7697)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: unzip 6.0-17ubuntu1.2
Ubuntu 15.04: unzip 6.0-13ubuntu3.2
Ubuntu 14.04 LTS: unzip 6.0-9ubuntu1.5
Ubuntu 12.04 LTS: unzip 6.0-4ubuntu2.5
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2788-2 http://www.ubuntu.com/usn/usn-2788-1 https://launchpad.net/bugs/1513293
Package Information: https://launchpad.net/ubuntu/+source/unzip/6.0-17ubuntu1.2 https://launchpad.net/ubuntu/+source/unzip/6.0-13ubuntu3.2 https://launchpad.net/ubuntu/+source/unzip/6.0-9ubuntu1.5 https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.5
--IJ3cL4RRGWpIrkPlSaeKGeDC8OCPaMkU5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJWQM5iAAoJEGVp2FWnRL6TP7EP/1JYymqb7Foc9m0nmK6mrKzV N24MuGwaR8aFZuckN5ERSAmRQ2StCqstLv1nh0y7gT201N3LKnf31JiptlraozDs cEAx3FC/3aVmWsbP5/wD/mUpKFL71z1diS+A/tiw6a1hz8IaaAlezaR0xA8ugbGy ZHR+cEtii/R/sBdsSJGq+cAWAgGf4/mJStwcpTCUSpVEKf8odeDqFqw7hhASY1pW NUZ63LTn9ypbKLs+aHsL0zeABsQJT2rqQsIHlF+6iZ+3vlV1oZUhe4S6JR4m1g1S aL3z4jxDim6eOfakq6tgvfT2j6uheSPxtl0fxLK0sZeKXHMPSboVW7k5HIwvdnM7 7C07XO7IZhMb8U91tzAixu2fnIUh/mI4fbIOGxFvi6xbPQaANZWm+TIVpSEhQxuN DEfzt+KQ4Y326h2Wtd7Gwd2N5Z3CPFJuCApBdbV0jZeu5SNeNjMn2otE0LHwkV0G ipMZm30DEfqK9MPaku6khFdzaYTbRQOX9o53Xsngx247yRvg7TfXqndv4MBU3V9U UIOltC2A2brKk4TvKZ3JkLa0Qo5YxgNqIQImetsQQp2ldjBkGnYSgIp+RAtaFDLU 8Gc40k5Qlzf1rPzBN4eSFkKeiCBFRlBiwDuXhyBTrXN4oE3EFKL1phdNZNgwBFBE Q0XC5pcn+9Uk5PpgQcUa =dzXZ -----END PGP SIGNATURE-----
--IJ3cL4RRGWpIrkPlSaeKGeDC8OCPaMkU5--
--===============1357104910767590030== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1357104910767590030==--
|
|
|
|