unzip-6.0-21.el7

エラータID: AXSA:2020-4547:01

Release date: 
Thursday, April 2, 2020 - 05:53
Subject: 
unzip-6.0-21.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The unzip utility is used to list, test, and extract files from zip archives.

Security Fix(es):

* unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

Solution: 

Update packages.

CVEs: 
CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Additional Info: 

N/A

Download: 

SRPMS
  1. unzip-6.0-21.el7.src.rpm
    MD5: f2501546ccacc966f9dfe94c3deacd3a
    SHA-256: b7876ddbd1098c69f0b11f5ca918e2e7cc82c73130a1f27d50206bdb3241f285
    Size: 1.36 MB

Asianux Server 7 for x86_64
  1. unzip-6.0-21.el7.x86_64.rpm
    MD5: d76fd7737000b3a9dc5853c80014ee59
    SHA-256: d6b3f31bcef0f717356be5b90f9bae9adf503828a97bb96f911f689a38aed9f8
    Size: 170.39 kB