CVE-2014-9636

Publication date 31 December 2014

Last updated 24 July 2024

Ubuntu priority

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
unzip	14.10 utopic	Fixed 6.0-12ubuntu1.2
	14.04 LTS trusty	Fixed 6.0-9ubuntu1.2
	12.04 LTS precise	Fixed 6.0-4ubuntu2.2
	10.04 LTS lucid	Fixed 6.0-1ubuntu0.2

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
unzip	Other: http://www.info-zip.org/phpBB3/download/file.php?id=95&sid=95e98be32f791909977347bca032d3bc

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2489-1
unzip vulnerability
3 February 2015

Other references

http://seclists.org/oss-sec/2014/q4/489
http://seclists.org/oss-sec/2014/q4/507
https://www.cve.org/CVERecord?id=CVE-2014-9636