Package name
unzip
Date
2002-10-10
Advisory ID
MDKSA-2002:065
Affected versions
8.1 i586 , SNF7.2 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.1 i586 , 7.2 i586

Problem description

A directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename, as well as prefixing filenames in the archive with "/" (slash).

Updated packages

8.1 i586

 5effdffc706442ddd5ef933b139805bc  ia64/8.1/RPMS/unzip-5.50-2.1mdk.ia64.rpm
af61004cadf81c51aee95ceaa0f66d17  ia64/8.1/SRPMS/unzip-5.50-2.1mdk.src.rpm

SNF7.2 i586

 ab909f58fa8b6cac86bfc95813035579  snf7.2/RPMS/unzip-5.50-2.1mdk.i586.rpm
af61004cadf81c51aee95ceaa0f66d17  snf7.2/SRPMS/unzip-5.50-2.1mdk.src.rpm

CS1.0 i586

 ab909f58fa8b6cac86bfc95813035579  1.0.1/RPMS/unzip-5.50-2.1mdk.i586.rpm
af61004cadf81c51aee95ceaa0f66d17  1.0.1/SRPMS/unzip-5.50-2.1mdk.src.rpm

8.1 i586

 9c684644594628a09247ada42a566185  8.1/RPMS/unzip-5.50-2.1mdk.i586.rpm
af61004cadf81c51aee95ceaa0f66d17  8.1/SRPMS/unzip-5.50-2.1mdk.src.rpm

8.0 i586

 d70fef1d9a8c1ff7eccff62e283d1992  8.0/RPMS/unzip-5.50-2.1mdk.i586.rpm
af61004cadf81c51aee95ceaa0f66d17  8.0/SRPMS/unzip-5.50-2.1mdk.src.rpm

8.2 i586

 33bf02cef205d3b4d4e66c49618a67cf  8.2/RPMS/unzip-5.50-2.1mdk.i586.rpm
af61004cadf81c51aee95ceaa0f66d17  8.2/SRPMS/unzip-5.50-2.1mdk.src.rpm

8.0 i586

 5e8d9366e92efd764e8f08f394b0fe60  ppc/8.0/RPMS/unzip-5.50-2.1mdk.ppc.rpm
af61004cadf81c51aee95ceaa0f66d17  ppc/8.0/SRPMS/unzip-5.50-2.1mdk.src.rpm

8.2 i586

 0f1c77bf8ab5ef1399eb906c98e2b269  ppc/8.2/RPMS/unzip-5.50-2.1mdk.ppc.rpm
af61004cadf81c51aee95ceaa0f66d17  ppc/8.2/SRPMS/unzip-5.50-2.1mdk.src.rpm

7.1 i586

 ab909f58fa8b6cac86bfc95813035579  7.1/RPMS/unzip-5.50-2.1mdk.i586.rpm
af61004cadf81c51aee95ceaa0f66d17  7.1/SRPMS/unzip-5.50-2.1mdk.src.rpm

7.2 i586

 ab909f58fa8b6cac86bfc95813035579  7.2/RPMS/unzip-5.50-2.1mdk.i586.rpm
af61004cadf81c51aee95ceaa0f66d17  7.2/SRPMS/unzip-5.50-2.1mdk.src.rpm

References