unzip-6.0-43.el8
エラータID: AXSA:2020-297:02
Release date:
Tuesday, September 8, 2020 - 03:50
Subject:
unzip-6.0-43.el8
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Low
Description:
The unzip utility is used to list, test, and extract files from zip archives.
Security Fix(es):
* unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Solution:
Update packages.
CVEs:
CVE-2019-13232
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
Additional Info:
N/A
Download:
SRPMS
- unzip-6.0-43.el8.src.rpm
MD5: 86e5669626c6e7514cdc9a3e62b589f1
SHA-256: 00e079c1b3d3479f6f371459fc722d9cd47f11d5c413b9159d04ea00dd71a3cb
Size: 1.37 MB
Asianux Server 8 for x86_64
- unzip-6.0-43.el8.x86_64.rpm
MD5: 9b3274e147477aec17286ae41faf280a
SHA-256: 76a82482ab406e59503ea5d297d93c9c1cd176490ac7a6f4861534acd31ab8c9
Size: 194.80 kB