Package name
unzip
Date
2003-07-07
Advisory ID
MDKSA-2003:073
Affected versions
9.1 i586, CS2.1 x86_64, CS2.1 i586, 9.0 i586, 8.2 i586, MNF8.2 i586, 9.1 i586, 8.2 i586

Problem description

A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. unzip filters out these invalid characters, which results in a ".." sequence. The patch applied to these packages prevents unzip from writing to parent directories unless the "-:" command line option is used.
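The ordering problem described above can be checked for when auditing archives before extraction. The following is an added example, not code from unzip or from this advisory: it validates each entry name after filtering rather than before. The function names, the use of Python's `str.isprintable` as the filter, and the sample archive are assumptions made for illustration.

```python
import io
import zipfile


def filter_name(name):
    """Drop non-printable characters (assumed stand-in for unzip's filtering)."""
    return "".join(ch for ch in name if ch.isprintable())


def naive_check(name):
    """Flawed ordering: looks for '..' in the raw name, before filtering."""
    return ".." in name.replace("\\", "/").split("/")


def escapes_root(name):
    """Correct ordering: test the name as it will actually be written to disk."""
    cleaned = filter_name(name).replace("\\", "/")
    if cleaned.startswith("/"):
        return True
    return ".." in cleaned.split("/")


def audit_archive(data):
    """Return the entry names that would leave the extraction directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if escapes_root(n)]


def build_sample():
    """Constructed in-memory archive used only to exercise the audit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        # A non-printable byte between two dots, as the advisory describes.
        zf.writestr(".\x01./outside.txt", "constructed")
        # Dots inside a component are harmless and must not be flagged.
        zf.writestr("a..b/notes.txt", "ok")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in audit_archive(build_sample()):
        print("rejects:", repr(entry), "| naive check flags it:", naive_check(entry))
```
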

Updated packages

9.1 i586

27dcadbb90d10e8a707ed0ada31ace4c  9.1/RPMS/unzip-5.50-4.1mdk.i586.rpm
1b16ee3b0288fbed97d46c3542765d1d  9.1/SRPMS/unzip-5.50-4.1mdk.src.rpm

CS2.1 x86_64

96ba0a37cde8a7629bba206f03cc87c8  x86_64/corporate/2.1/RPMS/unzip-5.50-4.1mdk.x86_64.rpm
1b16ee3b0288fbed97d46c3542765d1d  x86_64/corporate/2.1/SRPMS/unzip-5.50-4.1mdk.src.rpm

CS2.1 i586

a46b18334a96f2e2a6fa0bba82c3abe5  corporate/2.1/RPMS/unzip-5.50-4.1mdk.i586.rpm
1b16ee3b0288fbed97d46c3542765d1d  corporate/2.1/SRPMS/unzip-5.50-4.1mdk.src.rpm

9.0 i586

a46b18334a96f2e2a6fa0bba82c3abe5  9.0/RPMS/unzip-5.50-4.1mdk.i586.rpm
1b16ee3b0288fbed97d46c3542765d1d  9.0/SRPMS/unzip-5.50-4.1mdk.src.rpm

8.2 i586

2b6f9fa219510dc5d0f3c8a4c5b0ff7a  8.2/RPMS/unzip-5.50-4.1mdk.i586.rpm
1b16ee3b0288fbed97d46c3542765d1d  8.2/SRPMS/unzip-5.50-4.1mdk.src.rpm

MNF8.2 i586

2b6f9fa219510dc5d0f3c8a4c5b0ff7a  mnf8.2/RPMS/unzip-5.50-4.1mdk.i586.rpm
1b16ee3b0288fbed97d46c3542765d1d  mnf8.2/SRPMS/unzip-5.50-4.1mdk.src.rpm

9.1 i586

277fed45dc8ae6724b4fadc158783c56  ppc/9.1/RPMS/unzip-5.50-4.1mdk.ppc.rpm
1b16ee3b0288fbed97d46c3542765d1d  ppc/9.1/SRPMS/unzip-5.50-4.1mdk.src.rpm

8.2 i586

f69c968aa6da2d9a8cfa4696b12b3860  ppc/8.2/RPMS/unzip-5.50-4.1mdk.ppc.rpm
1b16ee3b0288fbed97d46c3542765d1d  ppc/8.2/SRPMS/unzip-5.50-4.1mdk.src.rpm
