Amazon Linux 1 Security Advisory: ALAS-2015-504
Advisory Release Date: 2015-04-15 21:48 Pacific
Advisory Updated Date: 2015-04-15 22:15 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636)
A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139)
An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140)
A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141)
Affected Packages:
unzip
Issue Correction:
Run yum update unzip to update your system.
i686:
unzip-debuginfo-6.0-2.9.amzn1.i686
unzip-6.0-2.9.amzn1.i686
src:
unzip-6.0-2.9.amzn1.src
x86_64:
unzip-debuginfo-6.0-2.9.amzn1.x86_64
unzip-6.0-2.9.amzn1.x86_64