[3.3] Heap overflow and DoS in unzip 6.0
Two issues were found in unzip 6.0:
- A heap overflow triggered by unzipping a file with a password (e.g. unzip -p -P x sigsegv.zip)
- A denial of service with a file that never finishes unzipping (e.g. unzip sigxcpu.zip).
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1260944
http://seclists.org/oss-sec/2015/q3/552 (no CVE)
Patches:
https://bugzilla.redhat.com/attachment.cgi?id=1073339
https://bugzilla.redhat.com/attachment.cgi?id=1075942
(from redmine: issue id 4756, created on 2015-10-08, closed on 2015-10-14)
- Relations:
- parent #4755 (closed)
- Changesets:
- Revision 9eef5b5c by Natanael Copa on 2015-10-13T14:58:28Z:
main/unzip: heap overflow and DoS security fix
ref #4755
fixes #4756