==========================================================================
Ubuntu Security Notice USN-4672-1
December 16, 2020
unzip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in unzip.
Software Description:
– unzip: De-archiver for .zip files
Details:
Rene Freingruber discovered that unzip incorrectly handled certain
specially crafted password protected ZIP archives. If a user or automated
system using unzip were tricked into opening a specially crafted zip file,
an attacker could exploit this to cause a crash, resulting in a denial of
service. (CVE-2018-1000035)
Antonio Carista discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2018-18384)
It was discovered that unzip incorrectly handled certain specially crafted
ZIP archives. If a user or automated system using unzip were tricked into
opening a specially crafted zip file, an attacker could exploit this to
cause resource consumption, resulting in a denial of service.
(CVE-2019-13232)
Martin Carpenter discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2014-9913)
Alexis Vanden Eijnde discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2016-9844)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
unzip 6.0-21ubuntu1.1
Ubuntu 16.04 LTS:
unzip 6.0-20ubuntu1.1
Ubuntu 14.04 ESM:
unzip 6.0-9ubuntu1.6
Ubuntu 12.04 ESM:
unzip 6.0-4ubuntu2.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4672-1
CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384,
CVE-2019-13232
Package Information:
https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1
https://launchpad.net/ubuntu/+source/unzip/6.0-20ubuntu1.1
<html>
<head>
<meta http-equiv=”content-type” content=”text/html; charset=UTF-8″>
</head>
<body>
<p>
</p>
<div class=”moz-text-plain” wrap=”true” style=”font-family:
-moz-fixed; font-size: 12px;” lang=”x-unicode”>
<pre class=”moz-quote-pre” wrap=””>==========================================================================
Ubuntu Security Notice USN-4672-1
December 16, 2020
unzip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in unzip.
Software Description:
– unzip: De-archiver for .zip files
Details:
Rene Freingruber discovered that unzip incorrectly handled certain
specially crafted password protected ZIP archives. If a user or automated
system using unzip were tricked into opening a specially crafted zip file,
an attacker could exploit this to cause a crash, resulting in a denial of
service. (CVE-2018-1000035)
Antonio Carista discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
(CVE-2018-18384)
It was discovered that unzip incorrectly handled certain specially crafted
ZIP archives. If a user or automated system using unzip were tricked into
opening a specially crafted zip file, an attacker could exploit this to
cause resource consumption, resulting in a denial of service.
(CVE-2019-13232)
Martin Carpenter discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2014-9913)
Alexis Vanden Eijnde discovered that unzip incorrectly handled certain
specially crafted ZIP archives. If a user or automated system using unzip
were tricked into opening a specially crafted zip file, an attacker could
exploit this to cause a crash, resulting in a denial of service. This
issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04
LTS. (CVE-2016-9844)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
unzip 6.0-21ubuntu1.1
Ubuntu 16.04 LTS:
unzip 6.0-20ubuntu1.1
Ubuntu 14.04 ESM:
unzip 6.0-9ubuntu1.6
Ubuntu 12.04 ESM:
unzip 6.0-4ubuntu2.6
In general, a standard system update will make all the necessary changes.
References:
<a class=”moz-txt-link-freetext” href=”https://usn.ubuntu.com/4672-1″>https://usn.ubuntu.com/4672-1</a>
CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384,
CVE-2019-13232
Package Information:
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1″>https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1</a>
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/unzip/6.0-20ubuntu1.1″>https://launchpad.net/ubuntu/+source/unzip/6.0-20ubuntu1.1</a>
</pre>
</div>
</body>
</html>
—–BEGIN PGP SIGNATURE—–
iQEzBAEBCAAdFiEElnO/d49FoUPK9fwytGdj0GOh2+wFAl/acKcACgkQtGdj0GOh
2+x50AgAy82mJNR8bCIKU66uB4xGIbvJ9pU0MBsaS5z68h0bZg2TKoKK0dkqE5AX
ScDl8od4+fLup2JghU5bBbgS7Vr5R/dW2QiUiCifnPDDdS/A+mi8oudoD2WnVr/A
Grmi+QaVjPfodoyThgrJkFFu75xPWdZ8DEYBSME7D5PrDuwDNnjpegnG9wKNlwR8
I6bcMzL5Zd0Cq0fgnUsvxg82d+YVGFCqDeRErOcjDabMyFmxN3jA9vLGIKDjvraG
bfl3ed0j9lr1syG+fhVY36nbU06OnxJy4jp/pGSG99S07/GvzN6nsjWy5zsPzfLa
zfYKAqhlb42rw46fYu1ziSGsWcLKDg==
=aA4a
—–END PGP SIGNATURE—–
—
