unzip-6.0-2.AXS4

エラータID: AXSA:2015-087:01

Release date: 
Monday, March 30, 2015 - 23:45
Subject: 
unzip-6.0-2.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

Description :
The unzip utility is used to list, test, or extract files from a zip
archive. Zip archives are commonly found on MS-DOS systems. The zip
utility, included in the zip package, creates zip archives. Zip and
unzip are both compatible with archives created by PKWARE(R)'s PKZIP
for MS-DOS, but the programs' options and default behaviors do differ
in some respects.

Install the unzip package if you need to list, test or extract files from
a zip archive.

Security issues fixed with this release:

CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

CVE-2014-9636
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Solution: 

Update package.

CVEs: 
2014-8139

2014-8140

2014-8141

2014-9636

Additional Info: 

N/A

Download: 

SRPMS
  1. unzip-6.0-2.AXS4.src.rpm
    MD5: 54821fc64f26eb6a413fbd7825d2f76e
    SHA-256: 80cbc4d4bc7b3514734a1f4a6a7382be63a403294da4f10871f69db5dd8ac902
    Size: 1.33 MB

Asianux Server 4 for x86
  1. unzip-6.0-2.AXS4.i686.rpm
    MD5: 2f400c2ddd0390398d2b0083d0be55ad
    SHA-256: d726b82111a9f57eecd3408ce2bf3c472e04662516793fcce733b23b7d1e51f3
    Size: 142.36 kB

Asianux Server 4 for x86_64
  1. unzip-6.0-2.AXS4.x86_64.rpm
    MD5: 7e02bcb46e271ad41d5c7df044b682af
    SHA-256: e0660d10d5e7c6baebcad0621b22d7faa8c57abdd29a1f2c20a5f98d925a706d
    Size: 148.57 kB