Package name
unzip
Date
2006-02-27
Advisory ID
MDKSA-2006:050
Affected versions
MNF2.0 i586 , 2006.0 i586 , 10.2 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.2 x86_64 , 2006.0 x86_64

Problem description

A buffer overflow was foiund in how unzip handles file name arguments.
If a user could tricked into processing a specially crafted,
excessively long file name with unzip, an attacker could execute
arbitrary code with the user's privileges.

The updated packages have been patched to address this issue.

Updated packages

MNF2.0 i586

 075d5b7cefc2a93053e48dde5adb09ee  mnf/2.0/RPMS/unzip-5.50-9.3.M20mdk.i586.rpm
 12e0a95ab72239096c9110f8a1f98661  mnf/2.0/SRPMS/unzip-5.50-9.3.M20mdk.src.rpm

2006.0 i586

 3d3dcc95fccacd8033c452774994da1e  2006.0/RPMS/unzip-5.52-1.3.20060mdk.i586.rpm
 d45d6caaf656e5f04ce934a61a48a3e6  2006.0/SRPMS/unzip-5.52-1.3.20060mdk.src.rpm

10.2 i586

 56ed53b98b79934d0f4292a4e067eae6  10.2/RPMS/unzip-5.51-1.3.102mdk.i586.rpm
 33b9f50fab728e3b3c38c6d4f4002314  10.2/SRPMS/unzip-5.51-1.3.102mdk.src.rpm

CS3.0 x86_64

 adce6e507a360b3132ec83f038d44bd7  x86_64/corporate/3.0/RPMS/unzip-5.50-9.3.C30mdk.x86_64.rpm
 f3693c4ebec532b5a86f382981c81a4c  x86_64/corporate/3.0/SRPMS/unzip-5.50-9.3.C30mdk.src.rpm

CS3.0 i586

 9ebf9de576ed5f9ca73362e7bea27849  corporate/3.0/RPMS/unzip-5.50-9.3.C30mdk.i586.rpm
 f3693c4ebec532b5a86f382981c81a4c  corporate/3.0/SRPMS/unzip-5.50-9.3.C30mdk.src.rpm

10.2 x86_64

 4dde5ce888845056867be10129f61df4  x86_64/10.2/RPMS/unzip-5.51-1.3.102mdk.x86_64.rpm
 33b9f50fab728e3b3c38c6d4f4002314  x86_64/10.2/SRPMS/unzip-5.51-1.3.102mdk.src.rpm

2006.0 x86_64

 b73080d55771a4a9572d9879b55db012  x86_64/2006.0/RPMS/unzip-5.52-1.3.20060mdk.x86_64.rpm
 d45d6caaf656e5f04ce934a61a48a3e6  x86_64/2006.0/SRPMS/unzip-5.52-1.3.20060mdk.src.rpm

References