AXSA:2019-4176:01

リリース日: 
2019/08/20 Tuesday - 06:44
題名: 
unzip-6.0-20.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The unzip utility is used to list, test, and extract files from zip archives.

Security Fix(es):

* unzip: Buffer overflow in list.c resulting in a denial of service (CVE-2018-18384)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.

CVE-2018-18384
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
1. unzip-6.0-20.el7.src.rpm
md5sum: beb87f24f188e0158342f2c509cc67f3
sha256sum: 08ed782f81306dff54a144f0528e3e7c6cd6e6075600a296f943c1b87a30a9d4
Size: 1,382 Kb

Asianux Server 7.0 for x86_64
1. unzip-6.0-20.el7.x86_64.rpm
md5sum: f47727c7b6290e618201f046c2b5ecd1
sha256sum: c88d272c35e37e2fd4fe4459fc06b89f52f86b4c837c6b419ff4eca9707cd2b7
Size: 169 Kb
Copyright© 2007-2015 Asianux. All rights reserved.