(RHSA-2007:0203) Low: unzip security and bug fix update

2007-05-01 00:00:00
access.redhat.com
EPSS: 0.002 (percentile: 58.8%)

The unzip utility is used to list, test, or extract files from a zip archive.

A race condition was found in Unzip. Local users could use this flaw to
modify permissions of arbitrary files via a hard link attack on a file
while it was being decompressed. (CVE-2005-2475)

A buffer overflow was found in Unzip command line argument handling.
If a user could be tricked into running Unzip with a specially crafted long
file name, an attacker could execute arbitrary code with that user’s
privileges. (CVE-2005-4667)

As well, this update adds support for files larger than 2GB.

All users of unzip should upgrade to these updated packages, which
contain backported patches that resolve these issues.