Overview

File _patchinfo of Package patchinfo.7892

<patchinfo incident="7892">
  <issue tracker="bnc" id="910683">unzip fails to extract file generated by WS2012R2</issue>
  <issue tracker="bnc" id="914442">VUL-1: CVE-2014-9636: unzip: out-of-bounds read/write in test_compr_eb() in extract.c</issue>
  <issue tracker="bnc" id="1080074">VUL-1: CVE-2018-1000035: unzip: [Heap-based buffer overflow in password protected ZIP archives]</issue>
  <issue tracker="cve" id="2014-9636"/>
  <issue tracker="cve" id="2018-1000035"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>kstreitova</packager>
  <description>This update for unzip fixes the following issues:

- CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and
  crash) via an extra field with an uncompressed size smaller than the compressed
  field size in a zip archive that advertises STORED method compression
  (bsc#914442)
- CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of
  password-protected archives that allowed an attacker to perform a denial of
  service or to possibly achieve code execution (bsc#1080074)

This non-security issue was fixed:

+- Allow processing of Windows zip64 archives (Windows archivers set
  total_disks field to 0 but per standard, valid values are 1 and higher)
  (bnc#910683)
</description>
  <summary>Security update for unzip</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places