--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-180159 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180159 2006-03-15 --------------------------------------------------------------------- Name : unzip Versions : rh73: unzip-5.50-31.1.legacy Versions : rh9: unzip-5.50-33.1.legacy Versions : fc1: unzip-5.50-35.1.legacy Versions : fc2: unzip-5.50-37.1.legacy Versions : fc3: unzip-5.51-4.fc3.1.legacy Summary : A utility for unpacking zip files. Description : The unzip utility is used to list, test, or extract files from a zip archive. Zip archives are commonly found on MS-DOS systems. The zip utility, included in the zip package, creates zip archives. Zip and unzip are both compatible with archives created by PKWARE(R)'s PKZIP for MS-DOS, but the programs' options and default behaviors do differ in some respects. --------------------------------------------------------------------- Update Information: An updated unzip package that fixes a buffer overflow vulnerability is now available. The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow bug has been discovered in unzip when handling long file names. An attacker could create a specially crafted path which could cause unzip to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-4667 to this issue. Users of unzip should upgrade to this updated package, which contains backported patches and is not vulnerable to this issue. --------------------------------------------------------------------- Changelogs rh73: * Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.50-31.1.legacy - Added a legacy release tag * Mon Feb 06 2006 Michal Jaegermann <michal@xxxxxxxxxxxx> 5.50-31.hd - patch for bz 178961 - CVE-2005-4667 - unzip long file name buffer overflow rh9: * Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.50-33.1.legacy - Added patch for CVE-2005-4667 fc1: * Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.50-35.1.legacy - Added patch for CVE-2005-4667 fc2: * Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.50-37.1.legacy - Added patch for CVE-2005-4667 fc3: * Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 5.51-4.fc3.1.legacy - Added patch for CVE-2005-4667 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 5d341df449ddf2d22410bd37bfba7d124960c1ae redhat/7.3/updates-testing/i386/unzip-5.50-31.1.legacy.i386.rpm d76fb8e7acc75cfca6d419b461ded4176348e2a2 redhat/7.3/updates-testing/SRPMS/unzip-5.50-31.1.legacy.src.rpm rh9: 00b6b6b34e4229e9a2547418c83470752c9c9ff9 redhat/9/updates-testing/i386/unzip-5.50-33.1.legacy.i386.rpm 30aa7fdaf8aada1dbb30dab4e6058a846d6a1e34 redhat/9/updates-testing/SRPMS/unzip-5.50-33.1.legacy.src.rpm fc1: 473bf802cf9257684f534cb99e7813e4257bf189 fedora/1/updates-testing/i386/unzip-5.50-35.1.legacy.i386.rpm 5f5fba20950799ed5676fa1e65044f3b2a61c497 fedora/1/updates-testing/SRPMS/unzip-5.50-35.1.legacy.src.rpm fc2: 475ae5bed64d3273ccd986d5ee55bd5300b9b01f fedora/2/updates-testing/i386/unzip-5.50-37.1.legacy.i386.rpm 4d35e2bceeb45747e415b66deea0e955b258889e fedora/2/updates-testing/SRPMS/unzip-5.50-37.1.legacy.src.rpm fc3: 3fdea3917830be7fd801a2872ef2caa115592d13 fedora/3/updates-testing/i386/unzip-5.51-4.fc3.1.legacy.i386.rpm a55ddb890db2308be565ea22057624808afda1b3 fedora/3/updates-testing/x86_64/unzip-5.51-4.fc3.1.legacy.x86_64.rpm e1f9b432cec0100d9a50ad99d3b72c8b19aea8b4 fedora/3/updates-testing/SRPMS/unzip-5.51-4.fc3.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
