#2506: Unzip 5.52 vulnerability.
-------------------------------------+--------------------------------------
 Reporter:  [EMAIL PROTECTED]        |       Owner:  [email protected]
     Type:  task                     |      Status:  new
 Priority:  normal                   |   Milestone:  6.3
Component:  BOOK                     |     Version:  SVN
 Severity:  normal                   |    Keywords:
-------------------------------------+--------------------------------------
 Tavis Ormandy of the Google Security Team (aka taviso from Gentoo)
 discovered that the NEEDBITS macro in the inflate_dynamic() function in
 the file inflate.c can be invoked using invalid buffers, which can lead to
 a double free.

 Impact
 ======

 Remote attackers could entice a user or automated system to open a
 specially crafted ZIP file that might lead to the execution of arbitrary
 code or a Denial of Service.

 See:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
 http://www.debian.org/security/2008/dsa-1522
 http://bugs.gentoo.org/show_bug.cgi?id=213761

 As a side note, I can't really verify the following statement in the book,
 as the link [1] to this patch is no longer available.

 "Note that if you applied the patch described above for locale issues, the
 required security patch will have some offsets."

 Please also note that the patches from Gentoo and Debian differ, as the
 Gentoo one crops the last two statements as unnecessary (see Gentoo bug
 #213761 link above).

 1. https://bugzilla.altlinux.ru/attachment.cgi?id=532

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2506>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
