USN-248-1: unzip vulnerability

15 February 2006

unzip vulnerability

Releases

Details

A buffer overflow was discovered in the handling of file name
arguments. By tricking a user or automated system into processing a
specially crafted, excessively long file name with unzip, an attacker
could exploit this to execute arbitrary code with the user's
privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • unzip -
Ubuntu 5.04
  • unzip -
Ubuntu 4.10
  • unzip -

In general, a standard system update will make all the necessary changes.

References