USN-248-1: unzip vulnerability

15 February 2006

unzip vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

A buffer overflow was discovered in the handling of file name arguments. By tricking a user or automated system into processing a specially crafted, excessively long file name with unzip, an attacker could exploit this to execute arbitrary code with the user’s privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
unzip
Ubuntu 5.04
unzip
Ubuntu 4.10
unzip

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References