#2205: Unzip-5.52 Vulnerability -----------------------------------------+---------------------------------- Reporter: [EMAIL PROTECTED] | Owner: [email protected] Type: task | Status: new Priority: high | Milestone: 6.2.0 Component: BOOK | Version: SVN Severity: critical | Keywords: -----------------------------------------+---------------------------------- From the info zip web site:
"The Unix port of !UnZip 5.52 is reported to have a race-condition vulnerability, whereby a local attacker could change the permissions of the user's files during unpacking. (This has been assigned CVE #CAN-2005-2475.) " Most locations have pulled the 5.52 sources, but they are still on anduin. A warning needs to be put into the book until a new version is released. -- Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2205> BLFS Trac <http://wiki.linuxfromscratch.org/blfs> Beyond Linux From Scratch -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
