Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.703152 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 3152-1 (unzip - security update) |
Zusammenfassung: | A flaw was found in the test_compr_eb();function allowing out-of-bounds read and write access to memory locations. By;carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow,;resulting in application crash or possibly having other unspecified impact. |
Beschreibung: | Summary: A flaw was found in the test_compr_eb() function allowing out-of-bounds read and write access to memory locations. By carefully crafting a corrupt ZIP archive an attacker can trigger a heap overflow, resulting in application crash or possibly having other unspecified impact. Affected Software/OS: unzip on Debian Linux Solution: For the stable distribution (wheezy), this problem has been fixed in version 6.0-8+deb7u2. Additionally this update corrects a defective patch applied to address CVE-2014-8139, which caused a regression with executable jar files. For the unstable distribution (sid), this problem has been fixed in version 6.0-15. The defective patch applied to address CVE-2014-8139 was corrected in version 6.0-16. We recommend that you upgrade your unzip packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-8139 http://www.ocert.org/advisories/ocert-2014-011.html http://www.securitytracker.com/id/1031433 https://access.redhat.com/errata/RHSA-2015:0700 https://bugzilla.redhat.com/show_bug.cgi?id=1174844 Common Vulnerability Exposure (CVE) ID: CVE-2014-9636 BugTraq ID: 71825 http://www.securityfocus.com/bid/71825 Debian Security Information: DSA-3152 (Google Search) http://www.debian.org/security/2015/dsa-3152 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html https://security.gentoo.org/glsa/201611-01 http://seclists.org/oss-sec/2014/q4/489 http://seclists.org/oss-sec/2014/q4/496 http://seclists.org/oss-sec/2015/q1/216 http://seclists.org/oss-sec/2014/q4/1131 http://secunia.com/advisories/62738 http://secunia.com/advisories/62751 http://www.ubuntu.com/usn/USN-2489-1 |
Copyright | Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |