Security update for unzip SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2529-1 Final 1 1 2016-10-13T14:24:57Z current 2016-10-13T14:24:57Z 2016-10-13T14:24:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for unzip This update for unzip fixes the following issues: - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-10/msg00050.html E-Mail link for openSUSE-SU-2016:2529-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 unzip-6.00-26.7.1 unzip-debuginfo-6.00-26.7.1 unzip-debugsource-6.00-26.7.1 unzip-doc-6.00-26.7.1 unzip-rcc-6.00-26.7.1 unzip-rcc-debuginfo-6.00-26.7.1 unzip-rcc-debugsource-6.00-26.7.1 unzip-6.00-26.7.1 as a component of openSUSE 13.2 unzip-debuginfo-6.00-26.7.1 as a component of openSUSE 13.2 unzip-debugsource-6.00-26.7.1 as a component of openSUSE 13.2 unzip-doc-6.00-26.7.1 as a component of openSUSE 13.2 unzip-rcc-6.00-26.7.1 as a component of openSUSE 13.2 unzip-rcc-debuginfo-6.00-26.7.1 as a component of openSUSE 13.2 unzip-rcc-debugsource-6.00-26.7.1 as a component of openSUSE 13.2 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. CVE-2015-7696 openSUSE 13.2:unzip-6.00-26.7.1 openSUSE 13.2:unzip-debuginfo-6.00-26.7.1 openSUSE 13.2:unzip-debugsource-6.00-26.7.1 openSUSE 13.2:unzip-doc-6.00-26.7.1 openSUSE 13.2:unzip-rcc-6.00-26.7.1 openSUSE 13.2:unzip-rcc-debuginfo-6.00-26.7.1 openSUSE 13.2:unzip-rcc-debugsource-6.00-26.7.1 low Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00050.html https://www.suse.com/security/cve/CVE-2015-7696.html CVE-2015-7696 https://bugzilla.suse.com/950110 SUSE Bug 950110 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. CVE-2015-7697 openSUSE 13.2:unzip-6.00-26.7.1 openSUSE 13.2:unzip-debuginfo-6.00-26.7.1 openSUSE 13.2:unzip-debugsource-6.00-26.7.1 openSUSE 13.2:unzip-doc-6.00-26.7.1 openSUSE 13.2:unzip-rcc-6.00-26.7.1 openSUSE 13.2:unzip-rcc-debuginfo-6.00-26.7.1 openSUSE 13.2:unzip-rcc-debugsource-6.00-26.7.1 low Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-10/msg00050.html https://www.suse.com/security/cve/CVE-2015-7697.html CVE-2015-7697 https://bugzilla.suse.com/950110 SUSE Bug 950110 https://bugzilla.suse.com/950111 SUSE Bug 950111