FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
86c3c66e-b2f5-11e5-863a-b499baebfeafunzip -- multiple vulnerabilities

Gustavo Grieco reports:

Two issues were found in unzip 6.0:

* A heap overflow triggered by unzipping a file with password (e.g unzip -p -P x sigsegv.zip).

* A denegation of service with a file that never finishes unzipping (e.g. unzip sigxcpu.zip).


Discovery 2015-09-26
Entry 2016-01-04
unzip
< 6.0_7

http://www.openwall.com/lists/oss-security/2015/09/07/4
ports/204413
CVE-2015-7696
CVE-2015-7697
9750cf22-216d-11da-bc01-000e0c2e438aunzip -- permission race vulnerability

Imran Ghory reports a vulnerability within unzip. The vulnerability is caused by a race condition between extracting an archive and changing the permissions of the extracted files. This would give an attacker enough time to remove a file and hardlink it to another file owned by the user running unzip. When unzip changes the permissions of the file it could give the attacker access to files that normally would not have been accessible for others.


Discovery 2005-08-02
Entry 2005-09-13
unzip
zh-unzip
ko-unzip
< 5.52_2

14450
CVE-2005-2475
http://marc.theaimsgroup.com/?l=bugtraq&m=112300046224117
3680b234-b6f0-11e4-b7cc-d050992ecde8unzip -- heap based buffer overflow in iconv patch

Ubuntu Security Notice USN-2502-1 reports:

unzip could be made to run programs if it opened a specially crafted file.


Discovery 2015-02-17
Entry 2015-02-17
unzip
< 6.0_5

CVE-2015-1315
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1315.html
https://security-tracker.debian.org/tracker/CVE-2015-1315
http://www.ubuntu.com/usn/usn-2502-1/
d9360908-9d52-11e4-87fd-10bf48e1088eunzip -- input sanitization errors

oCERT reports:

The UnZip tool is an open source extraction utility for archives compressed in the zip format.

The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() functions. The input errors may result in arbitrary code execution.

A specially crafted zip file, passed to unzip -t, can be used to trigger the vulnerability.


Discovery 2014-12-03
Entry 2015-01-16
unzip
le 6.0_2

CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
http://www.info-zip.org/UnZip.html
https://bugzilla.redhat.com/show_bug.cgi?id=1174844
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140
https://bugzilla.redhat.com/show_bug.cgi?id=1174856
e543c6f8-abf2-11e4-8ac7-d050992ecde8unzip -- out of boundary access issues in test_compr_eb

Ubuntu Security Notice USN-2489-1 reports:

Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.


Discovery 2014-11-02
Entry 2015-02-03
unzip
< 6.0_4

CVE-2014-9636
http://www.ubuntu.com/usn/usn-2489-1/
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9636.html
http://seclists.org/oss-sec/2014/q4/489
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450