[Secure-testing-team] Bug#847486: unzip: CVE-2016-9844: zipinfo buffer overflow

Thu, 08 Dec 2016 08:36:28 -0800 

Source: unzip
Version: 6.0-16
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for unzip.

CVE-2016-9844[0]:
zipinfo buffer overflow

$ zipinfo PoZ.zip
Archive:  PoZ.zip
Zip file size: 154 bytes, number of entries: 1
*** buffer overflow detected ***: zipinfo terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7fa180448bcb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fa1804d10e7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf7220)[0x7fa1804cf220]
/lib/x86_64-linux-gnu/libc.so.6(+0xf67d9)[0x7fa1804ce7d9]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xac)[0x7fa18044cbec]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0xcd3)[0x7fa18041f9f3]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x8c)[0x7fa1804ce86c]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7fa1804ce7bd]
zipinfo[0x416a9b]
zipinfo[0x410f9a]
zipinfo[0x41172f]
zipinfo[0x403c61]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fa1803f82b1]
zipinfo[0x401e39]
======= Memory map: ========
00400000-00426000 r-xp 00000000 fd:00 276486                             
/usr/bin/zipinfo
00625000-00626000 r--p 00025000 fd:00 276486                             
/usr/bin/zipinfo
00626000-00627000 rw-p 00026000 fd:00 276486                             
/usr/bin/zipinfo
00627000-00719000 rw-p 00000000 00:00 0
01030000-01051000 rw-p 00000000 00:00 0                                  [heap]
7fa1801c1000-7fa1801d7000 r-xp 00000000 fd:00 524295                     
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fa1801d7000-7fa1803d6000 ---p 00016000 fd:00 524295                     
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fa1803d6000-7fa1803d7000 r--p 00015000 fd:00 524295                     
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fa1803d7000-7fa1803d8000 rw-p 00016000 fd:00 524295                     
/lib/x86_64-linux-gnu/libgcc_s.so.1
7fa1803d8000-7fa18056d000 r-xp 00000000 fd:00 531855                     
/lib/x86_64-linux-gnu/libc-2.24.so
7fa18056d000-7fa18076c000 ---p 00195000 fd:00 531855                     
/lib/x86_64-linux-gnu/libc-2.24.so
7fa18076c000-7fa180770000 r--p 00194000 fd:00 531855                     
/lib/x86_64-linux-gnu/libc-2.24.so
7fa180770000-7fa180772000 rw-p 00198000 fd:00 531855                     
/lib/x86_64-linux-gnu/libc-2.24.so
7fa180772000-7fa180776000 rw-p 00000000 00:00 0
7fa180776000-7fa180785000 r-xp 00000000 fd:00 524381                     
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7fa180785000-7fa180984000 ---p 0000f000 fd:00 524381                     
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7fa180984000-7fa180985000 r--p 0000e000 fd:00 524381                     
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7fa180985000-7fa180986000 rw-p 0000f000 fd:00 524381                     
/lib/x86_64-linux-gnu/libbz2.so.1.0.4
7fa180986000-7fa1809a9000 r-xp 00000000 fd:00 531850                     
/lib/x86_64-linux-gnu/ld-2.24.so
7fa1809fb000-7fa180b96000 r--p 00000000 fd:00 264231                     
/usr/lib/locale/locale-archive
7fa180b96000-7fa180b98000 rw-p 00000000 00:00 0
7fa180ba4000-7fa180ba8000 rw-p 00000000 00:00 0
7fa180ba8000-7fa180ba9000 r--p 00022000 fd:00 531850                     
/lib/x86_64-linux-gnu/ld-2.24.so
7fa180ba9000-7fa180baa000 rw-p 00023000 fd:00 531850                     
/lib/x86_64-linux-gnu/ld-2.24.so
7fa180baa000-7fa180bab000 rw-p 00000000 00:00 0
7ffdfbd7b000-7ffdfbd9c000 rw-p 00000000 00:00 0                          [stack]
7ffdfbdc3000-7ffdfbdc5000 r--p 00000000 00:00 0                          [vvar]
7ffdfbdc5000-7ffdfbdc7000 r-xp 00000000 00:00 0                          [vdso]

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9844
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9844
[1] https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

Reply via email to