Package "unzip"
Name: |
unzip
|
Description: |
De-archiver for .zip files
|
Latest version: |
6.0-21ubuntu1.2 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
http://www.info-zip.org/UnZip.html |
Links
Download "unzip"
Other versions of "unzip" in Bionic
Changelog
unzip (6.0-21ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference in unzip (LP: #1957077)
- debian/patches/CVE-2021-4217.patch: Fix null pointer dereference and use
of uninitialized data
- CVE-2021-4217
* SECURITY UPDATE: Out-of-bound write vulnerability in unzip
- debian/patches/CVE-2022-0529.patch: Fix wide string conversion in
process.c
- debian/patches/CVE-2022-0530.patch: Add missing error handling in
fileio.c and process.c
- CVE-2022-0529
- CVE-2022-0530
-- Nishit Majithia <email address hidden> Fri, 07 Oct 2022 22:38:33 +0530
|
Source diff to previous version |
1957077 |
SIGSEGV during processing of unicode string |
CVE-2021-4217 |
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This f |
CVE-2022-0529 |
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound wri |
CVE-2022-0530 |
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound wri |
|
unzip (6.0-21ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: buffer overflow in password protected ZIP archives
- debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
check before allocating memory in fileio.c.
- CVE-2018-1000035
* SECURITY UPDATE: denial of service (resource consumption)
- debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
in undefer_input() of fileio.c that misplaced the input state.
- debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
Detect and reject a zip bomb using overlapped entries.
- debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
Do not raise a zip bomb alert for a misplaced central directory.
- CVE-2019-13232
-- Avital Ostromich <email address hidden> Thu, 26 Nov 2020 16:01:36 -0500
|
CVE-2018-1000035 |
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to per |
CVE-2019-13232 |
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip |
|
About
-
Send Feedback to @ubuntu_updates