Bugzilla – Bug 914442
VUL-1: CVE-2014-9636: unzip: out-of-bounds read/write in test_compr_eb() in extract.c
Last modified: 2018-12-02 15:43:55 UTC
rh#1184985 It was reported [1] that OOB access (both read and write) issues exist in test_compr_eb (extract.c) that can result in application crash or other unspecified impact. This vulnerability can be triggered via crafted zip archives with extra fields that advertise STORED method compression (i.e. no compression) and have uncompressed field sizes smaller than the corresponding compressed field sizes. This issue is different from CVE-2014-8140 [2]. Proposed patch is attached. Upstream bugreport: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 References: [1]: http://seclists.org/oss-sec/2014/q4/1131 [2]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140 https://bugzilla.redhat.com/show_bug.cgi?id=1184985 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9636.html
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-12. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60438
Created attachment 623063 [details] Updated patch The original patch isn't sufficient. Updated patch from upstream available here. http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow3.diff He posted a minor style change that I included in the patch
SUSE-SU-2015:0355-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 914442 CVE References: CVE-2014-9636 Sources used: SUSE Linux Enterprise Server 12 (src): unzip-6.00-32.1 SUSE Linux Enterprise Desktop 12 (src): unzip-6.00-32.1
SUSE-SU-2015:0377-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 909214,914442 CVE References: CVE-2014-8139,CVE-2014-9636 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): unzip-6.00-11.13.1 SUSE Linux Enterprise Server 11 SP3 (src): unzip-6.00-11.13.1 SUSE Linux Enterprise Desktop 11 SP3 (src): unzip-6.00-11.13.1
relkeased
SUSE-SU-2018:1883-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1080074,910683,914442 CVE References: CVE-2014-9636,CVE-2018-1000035 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): unzip-6.00-4.3.1
openSUSE-SU-2018:1914-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1080074,910683,914442 CVE References: CVE-2014-9636,CVE-2018-1000035 Sources used: openSUSE Leap 15.0 (src): unzip-6.00-lp150.3.3.1, unzip-rcc-6.00-lp150.3.3.1
SUSE-SU-2018:2978-1: An update that solves 6 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1013992,1013993,1080074,910683,914442,950110,950111 CVE References: CVE-2014-9636,CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844,CVE-2018-1000035 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): unzip-6.00-33.8.1 SUSE Linux Enterprise Desktop 12-SP3 (src): unzip-6.00-33.8.1
openSUSE-SU-2018:3043-1: An update that solves 6 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1013992,1013993,1080074,910683,914442,950110,950111 CVE References: CVE-2014-9636,CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844,CVE-2018-1000035 Sources used: openSUSE Leap 42.3 (src): unzip-6.00-31.3.1, unzip-rcc-6.00-31.3.1