MDKSA-2003:073
- Package name
- unzip
- Date
- 2003-07-07
- Advisory ID
- MDKSA-2003:073
- Affected versions
- 9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , MNF8.2 i586 , 9.1 i586 , 8.2 i586
Problem description
A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence. The patch applied to these packages prevents unzip from writing to parent directories unless the "-:" command line option is used.
Updated packages
9.1 i586
27dcadbb90d10e8a707ed0ada31ace4c 9.1/RPMS/unzip-5.50-4.1mdk.i586.rpm 1b16ee3b0288fbed97d46c3542765d1d 9.1/SRPMS/unzip-5.50-4.1mdk.src.rpm
CS2.1 x86_64
96ba0a37cde8a7629bba206f03cc87c8 x86_64/corporate/2.1/RPMS/unzip-5.50-4.1mdk.x86_64.rpm 1b16ee3b0288fbed97d46c3542765d1d x86_64/corporate/2.1/SRPMS/unzip-5.50-4.1mdk.src.rpm
CS2.1 i586
a46b18334a96f2e2a6fa0bba82c3abe5 corporate/2.1/RPMS/unzip-5.50-4.1mdk.i586.rpm 1b16ee3b0288fbed97d46c3542765d1d corporate/2.1/SRPMS/unzip-5.50-4.1mdk.src.rpm
9.0 i586
a46b18334a96f2e2a6fa0bba82c3abe5 9.0/RPMS/unzip-5.50-4.1mdk.i586.rpm 1b16ee3b0288fbed97d46c3542765d1d 9.0/SRPMS/unzip-5.50-4.1mdk.src.rpm
8.2 i586
2b6f9fa219510dc5d0f3c8a4c5b0ff7a 8.2/RPMS/unzip-5.50-4.1mdk.i586.rpm 1b16ee3b0288fbed97d46c3542765d1d 8.2/SRPMS/unzip-5.50-4.1mdk.src.rpm
MNF8.2 i586
2b6f9fa219510dc5d0f3c8a4c5b0ff7a mnf8.2/RPMS/unzip-5.50-4.1mdk.i586.rpm 1b16ee3b0288fbed97d46c3542765d1d mnf8.2/SRPMS/unzip-5.50-4.1mdk.src.rpm
9.1 i586
277fed45dc8ae6724b4fadc158783c56 ppc/9.1/RPMS/unzip-5.50-4.1mdk.ppc.rpm 1b16ee3b0288fbed97d46c3542765d1d ppc/9.1/SRPMS/unzip-5.50-4.1mdk.src.rpm
8.2 i586
f69c968aa6da2d9a8cfa4696b12b3860 ppc/8.2/RPMS/unzip-5.50-4.1mdk.ppc.rpm 1b16ee3b0288fbed97d46c3542765d1d ppc/8.2/SRPMS/unzip-5.50-4.1mdk.src.rpm