The unzip utility is used to list, test, or extract files from a zip archive.
A race condition was found in Unzip. Local users could use this flaw to
modify permissions of arbitrary files via a hard link attack on a file
while it was being decompressed (CVE-2005-2475)
A buffer overflow was found in Unzip command line argument handling.
If a user could be tricked into running Unzip with a specially crafted long
file name, an attacker could execute arbitrary code with that user’s
privileges. (CVE-2005-4667)
As well, this update adds support for files larger than 2GB.
All users of unzip should upgrade to these updated packages, which
contain backported patches that resolve these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.ppc.rpm |
RedHat | any | src | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.src.rpm |
RedHat | any | ia64 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.ia64.rpm |
RedHat | any | s390 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.s390.rpm |
RedHat | any | s390x | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.s390x.rpm |
RedHat | any | i386 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.i386.rpm |
RedHat | any | x86_64 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.x86_64.rpm |