Sicherheit: Mehrere Probleme in infozip

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] infozip (SSA:2019-060-01)

New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/infozip-6.0-i586-4_slack14.2.txz: Rebuilt.
Added some patches that should fix extracting archives with non-latin
characters in the filenames. Thanks to saahriktu.
This update also fixes various security issues in zip and unzip.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
infozip-6.0-i486-2_slack14.0.txz

Updated package for Slackware x86_64 14.0:
infozip-6.0-x86_64-2_slack14.0.txz

Updated package for Slackware 14.1:
infozip-6.0-i486-4_slack14.1.txz

Updated package for Slackware x86_64 14.1:
infozip-6.0-x86_64-4_slack14.1.txz

Updated package for Slackware 14.2:
infozip-6.0-i586-4_slack14.2.txz

Updated package for Slackware x86_64 14.2:
infozip-6.0-x86_64-4_slack14.2.txz

Updated package for Slackware -current:
infozip-6.0-i586-5.txz

Updated package for Slackware x86_64 -current:
infozip-6.0-x86_64-5.txz

MD5 signatures:
+-------------+

Slackware 14.0 package:
004d16da6ecb62eeae7d68313abac08c infozip-6.0-i486-2_slack14.0.txz

Slackware x86_64 14.0 package:
3985ddc5de60621e481121d33871e093 infozip-6.0-x86_64-2_slack14.0.txz

Slackware 14.1 package:
0185f2a6c53317e58040a05a84b2f4cc infozip-6.0-i486-4_slack14.1.txz

Slackware x86_64 14.1 package:
37c2682c08bf1ed5390ac31d02e97d98 infozip-6.0-x86_64-4_slack14.1.txz

Slackware 14.2 package:
b71c38eb5a09dee8c0e51bbc0e4b6d85 infozip-6.0-i586-4_slack14.2.txz

Slackware x86_64 14.2 package:
0d7239ab3d27aab1935ce6e16583ecfd infozip-6.0-x86_64-4_slack14.2.txz

Slackware -current package:
72e1c36d80be26a77fc1938b17f59538 a/infozip-6.0-i586-5.txz

Slackware x86_64 -current package:
4111b0985a0909907d2a13e99abb5ccd a/infozip-6.0-x86_64-5.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg infozip-6.0-i586-4_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlx5mkUACgkQakRjwEAQIjPgngCeL4XIUWheKTC811R2CceIbdMU
XaMAniTHw0irM4iursUtC/kNrG1AUPwT
=H87x
-----END PGP SIGNATURE-----