Slackware Security Advisory - New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
2d88d00368cf8928d96abd2e9bbc2443f1a829890ef6abcd2773ac66b75c08a3
Gentoo Linux Security Advisory 201611-1 - Multiple vulnerabilities have been found in UnZip allowing remote attackers to execute arbitrary code and cause Denial of Service. Versions less than 6.0_p20 are affected.
cdb47bf2241655b31eacd5f4ce1266f75ba97fdb8d48e93fd095debfe4fdc848
Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.
36670a2c92a10eed9caf9afd9dd5f818e184e427c1eddb4da037e0aebc712907
Mandriva Linux Security Advisory 2015-123 - An updated unzip package fixes multiple security vulnerabilities.
29ba50a03d278e126684809bd7aa9750c907fee11e1960b53dcaa74fc369fe53
Red Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.
bbf93d3ad2423c641ff52feaf0acea28238c5242e79a963abc3c9b57d08540ed
Ubuntu Security Notice 2472-1 - Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
96af76586c7eb74cac5329190917c1ca0395474a94546844ff04517a84a4601d
Mandriva Linux Security Advisory 2015-016 - The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the vulnerability. OOB access (both read and write) issues also exist in test_compr_eb() that can result in application crash or other unspecified impact. A specially crafted zip file, passed to the command unzip -t, can be used to trigger the issues.
2983017324390dd5037ed1e826c1fce37b662d49dbc50811a2506c1b9ccb89e4
Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.
c07d19cf6b887fa58bdf1aabe929c435954c16a8c33b34fa65ffa5b22c076cda
UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.
3be56fd57959f7da1359a14b848ad60e6021fb8ff555ec02f94fcdda37fffeaf