Security update for unzip SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2978-1 Final 1 1 2018-10-02T14:30:55Z current 2018-10-02T14:30:55Z 2018-10-02T14:30:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for unzip This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). This non-security issue was fixed: +- Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP3-2018-2117,SUSE-SLE-SERVER-12-SP3-2018-2117 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ Link for SUSE-SU-2018:2978-1 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004635.html E-Mail link for SUSE-SU-2018:2978-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1013992 SUSE Bug 1013992 https://bugzilla.suse.com/1013993 SUSE Bug 1013993 https://bugzilla.suse.com/1080074 SUSE Bug 1080074 https://bugzilla.suse.com/910683 SUSE Bug 910683 https://bugzilla.suse.com/914442 SUSE Bug 914442 https://bugzilla.suse.com/950110 SUSE Bug 950110 https://bugzilla.suse.com/950111 SUSE Bug 950111 https://www.suse.com/security/cve/CVE-2014-9636/ SUSE CVE CVE-2014-9636 page https://www.suse.com/security/cve/CVE-2014-9913/ SUSE CVE CVE-2014-9913 page https://www.suse.com/security/cve/CVE-2015-7696/ SUSE CVE CVE-2015-7696 page https://www.suse.com/security/cve/CVE-2015-7697/ SUSE CVE CVE-2015-7697 page https://www.suse.com/security/cve/CVE-2016-9844/ SUSE CVE CVE-2016-9844 page https://www.suse.com/security/cve/CVE-2018-1000035/ SUSE CVE CVE-2018-1000035 page SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 unzip-6.00-33.8.1 unzip-6.00-33.8.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 unzip-6.00-33.8.1 as a component of SUSE Linux Enterprise Server 12 SP3 unzip-6.00-33.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. CVE-2014-9636 SUSE Linux Enterprise Desktop 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:unzip-6.00-33.8.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ https://www.suse.com/security/cve/CVE-2014-9636.html CVE-2014-9636 https://bugzilla.suse.com/914442 SUSE Bug 914442 Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. CVE-2014-9913 SUSE Linux Enterprise Desktop 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:unzip-6.00-33.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ https://www.suse.com/security/cve/CVE-2014-9913.html CVE-2014-9913 https://bugzilla.suse.com/1013993 SUSE Bug 1013993 https://bugzilla.suse.com/1159417 SUSE Bug 1159417 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. CVE-2015-7696 SUSE Linux Enterprise Desktop 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:unzip-6.00-33.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ https://www.suse.com/security/cve/CVE-2015-7696.html CVE-2015-7696 https://bugzilla.suse.com/1159417 SUSE Bug 1159417 https://bugzilla.suse.com/950110 SUSE Bug 950110 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. CVE-2015-7697 SUSE Linux Enterprise Desktop 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:unzip-6.00-33.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ https://www.suse.com/security/cve/CVE-2015-7697.html CVE-2015-7697 https://bugzilla.suse.com/1159417 SUSE Bug 1159417 https://bugzilla.suse.com/950110 SUSE Bug 950110 https://bugzilla.suse.com/950111 SUSE Bug 950111 Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. CVE-2016-9844 SUSE Linux Enterprise Desktop 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:unzip-6.00-33.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ https://www.suse.com/security/cve/CVE-2016-9844.html CVE-2016-9844 https://bugzilla.suse.com/1013992 SUSE Bug 1013992 https://bugzilla.suse.com/1159417 SUSE Bug 1159417 A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. CVE-2018-1000035 SUSE Linux Enterprise Desktop 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server 12 SP3:unzip-6.00-33.8.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:unzip-6.00-33.8.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/ https://www.suse.com/security/cve/CVE-2018-1000035.html CVE-2018-1000035 https://bugzilla.suse.com/1076531 SUSE Bug 1076531 https://bugzilla.suse.com/1080074 SUSE Bug 1080074 https://bugzilla.suse.com/1149684 SUSE Bug 1149684 https://bugzilla.suse.com/1159417 SUSE Bug 1159417 https://bugzilla.suse.com/1196768 SUSE Bug 1196768