Synopsis
The remote Fedora host is missing a security update.
Description
- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
- Fix buffer overflow on long file sizes (#1191136)
- CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)
- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
- Fix buffer overflow on long file sizes (#1191136)
- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)
- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)
- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)
- Fix buffer overflow on long file sizes (#1191136)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected unzip package.
Plugin Details
File Name: fedora_2015-1993.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:unzip, cpe:/o:fedoraproject:fedora:20
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 2/14/2015