Fedora Legacy Test Update Notification: unzip

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Mar 16 01:32:20 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-180159
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180159
2006-03-15
---------------------------------------------------------------------

Name        : unzip
Versions    : rh73: unzip-5.50-31.1.legacy
Versions    : rh9: unzip-5.50-33.1.legacy
Versions    : fc1: unzip-5.50-35.1.legacy
Versions    : fc2: unzip-5.50-37.1.legacy
Versions    : fc3: unzip-5.51-4.fc3.1.legacy
Summary     : A utility for unpacking zip files.
Description :
The unzip utility is used to list, test, or extract files from a zip
archive. Zip archives are commonly found on MS-DOS systems. The zip
utility, included in the zip package, creates zip archives. Zip and
unzip are both compatible with archives created by PKWARE(R)'s PKZIP
for MS-DOS, but the programs' options and default behaviors do differ
in some respects.

---------------------------------------------------------------------
Update Information:

An updated unzip package that fixes a buffer overflow vulnerability is
now available.

The unzip utility is used to list, test, or extract files from a zip
archive.

A buffer overflow bug has been discovered in unzip when handling long
file names. An attacker could create a specially crafted path which
could cause unzip to crash or execute arbitrary instructions. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-4667 to this issue.

Users of unzip should upgrade to this updated package, which contains
backported patches and is not vulnerable to this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.50-31.1.legacy
- Added a legacy release tag

* Mon Feb 06 2006 Michal Jaegermann <michal at harddata.com> 5.50-31.hd
- patch for bz 178961 - CVE-2005-4667 - unzip long file name buffer overflow

rh9:
* Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.50-33.1.legacy
- Added patch for CVE-2005-4667

fc1:
* Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.50-35.1.legacy
- Added patch for CVE-2005-4667

fc2:
* Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.50-37.1.legacy
- Added patch for CVE-2005-4667

fc3:
* Thu Mar 09 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
5.51-4.fc3.1.legacy
- Added patch for CVE-2005-4667

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
5d341df449ddf2d22410bd37bfba7d124960c1ae
redhat/7.3/updates-testing/i386/unzip-5.50-31.1.legacy.i386.rpm
d76fb8e7acc75cfca6d419b461ded4176348e2a2
redhat/7.3/updates-testing/SRPMS/unzip-5.50-31.1.legacy.src.rpm

rh9:
00b6b6b34e4229e9a2547418c83470752c9c9ff9
redhat/9/updates-testing/i386/unzip-5.50-33.1.legacy.i386.rpm
30aa7fdaf8aada1dbb30dab4e6058a846d6a1e34
redhat/9/updates-testing/SRPMS/unzip-5.50-33.1.legacy.src.rpm

fc1:
473bf802cf9257684f534cb99e7813e4257bf189
fedora/1/updates-testing/i386/unzip-5.50-35.1.legacy.i386.rpm
5f5fba20950799ed5676fa1e65044f3b2a61c497
fedora/1/updates-testing/SRPMS/unzip-5.50-35.1.legacy.src.rpm

fc2:
475ae5bed64d3273ccd986d5ee55bd5300b9b01f
fedora/2/updates-testing/i386/unzip-5.50-37.1.legacy.i386.rpm
4d35e2bceeb45747e415b66deea0e955b258889e
fedora/2/updates-testing/SRPMS/unzip-5.50-37.1.legacy.src.rpm

fc3:
3fdea3917830be7fd801a2872ef2caa115592d13
fedora/3/updates-testing/i386/unzip-5.51-4.fc3.1.legacy.i386.rpm
a55ddb890db2308be565ea22057624808afda1b3
fedora/3/updates-testing/x86_64/unzip-5.51-4.fc3.1.legacy.x86_64.rpm
e1f9b432cec0100d9a50ad99d3b72c8b19aea8b4
fedora/3/updates-testing/SRPMS/unzip-5.51-4.fc3.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060315/4c04c6f8/attachment.sig>

More information about the fedora-legacy-list mailing list