Security update for unzip
unzip was updated to fix security issues.
The unzip command line tool is affected by heap-based buffer overflows
within the CRC32 verification (CVE-2014-8139), the test_compr_eb()
(CVE-2014-8140) and the getZip64Data() functions (CVE-2014-8141).
The input errors may result in in arbitrary code execution.
More info can be found in the oCert announcement:
http://seclists.org/oss-sec/2014/q4/1127
-
Submitted by
Marcus Meissner (msmeissn)
Fixed bugs
bnc#909214
VUL-0: CVE-2014-8139: unzip: input sanitization errors
