The unzip utility is used to list, test, or extract files from a zip
archive.
An invalid pointer flaw was found in unzip. If a user ran unzip on a
specially crafted file, an attacker could execute arbitrary code with that
user’s privileges. (CVE-2008-0888)
Red Hat would like to thank Tavis Ormandy of the Google Security Team for
reporting this issue.
All unzip users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | unzip | < 5.50-36.EL3 | unzip-5.50-36.EL3.i386.rpm |
RedHat | any | s390 | unzip | < 5.50-36.EL3 | unzip-5.50-36.EL3.s390.rpm |
RedHat | any | s390x | unzip | < 5.50-36.EL3 | unzip-5.50-36.EL3.s390x.rpm |
RedHat | any | ia64 | unzip | < 5.50-31.EL2.1 | unzip-5.50-31.EL2.1.ia64.rpm |
RedHat | any | x86_64 | unzip | < 5.50-36.EL3 | unzip-5.50-36.EL3.x86_64.rpm |
RedHat | any | ppc | unzip | < 5.50-36.EL3 | unzip-5.50-36.EL3.ppc.rpm |
RedHat | any | ia64 | unzip | < 5.50-36.EL3 | unzip-5.50-36.EL3.ia64.rpm |
RedHat | any | i386 | unzip | < 5.50-31.EL2.1 | unzip-5.50-31.EL2.1.i386.rpm |