Oval Definition: oval:com.redhat.rhsa:def:20070203
Revision Date: 2008-03-20
Version: 640
Title: RHSA-2007:0203: unzip security and bug fix update (Low)
Description: The unzip utility is used to list, test, or extract files from a zip archive.

  • A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed. (CVE-2005-2475)

  • A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running Unzip with a specially crafted long file name, an attacker could execute arbitrary code with that user's privileges. (CVE-2005-4667)

As well, this update adds support for files larger than 2GB.

All users of unzip should upgrade to these updated packages, which contain backported patches that resolve these issues.

Family: unix
Class: patch
Status:
Reference(s): CVE-2005-2475, CVE-2005-4667, RHSA-2007:0203, RHSA-2007:0203-02
Platform(s): Red Hat Enterprise Linux 4
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND unzip is earlier than 0:5.51-9.EL4.5
  • AND unzip is signed with Red Hat redhatrelease2 key