OVAL Reference oval:org.mitre.oval:def:27660

CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code."> OVAL Reference oval:org.mitre.oval:def:27660 - CERT Civis.Net

Oval Definition:

oval:org.mitre.oval:def:27660

Revision Date:	2015-02-23	Version:	5
Title:	DSA-3113-1 -- unzip security update
Description:	Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 DSA-3113-1
Platform(s):	Debian GNU/kFreeBSD 7.0 Debian GNU/Linux 7.0	Product(s):	unzip
Definition Synopsis
Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND unzip is earlier than 0:6.0-8+deb7u1

BACK