Bug Fix Advisory: unzip bug fix update

Advisory: RHBA-2007:0418-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2007-06-11
Last updated on: 2007-06-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2005-2475
CVE-2005-4667

Details

Updated unzip packages that address various bugs are now available.

The unzip utility is used to list, test, or extract files from a zip
archive.

This update addresses the following issues:

* a time-of-check to time-of-use (TOCTOU) bug that could be exploited to change file permissions (CVE-2005-2475)

* a long filename buffer overflow vulnerability (CVE-2005-4667)

All users of unzip should upgrade to these updated packages, which
resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
unzip-5.50-35.EL3.src.rpm
File outdated by:  RHSA-2008:0196
    MD5: 93f4ce97178a3e969c5756ce7a5dd5c8
 
IA-32:
unzip-5.50-35.EL3.i386.rpm
File outdated by:  RHSA-2008:0196
    MD5: d25bf99f4dcbd1eb3615189e67f96564
 
x86_64:
unzip-5.50-35.EL3.x86_64.rpm
File outdated by:  RHSA-2008:0196
    MD5: 75bcd070eecf4f1c695b58c5cceff598
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
unzip-5.50-35.EL3.src.rpm
File outdated by:  RHSA-2008:0196
    MD5: 93f4ce97178a3e969c5756ce7a5dd5c8
 
IA-32:
unzip-5.50-35.EL3.i386.rpm
File outdated by:  RHSA-2008:0196
    MD5: d25bf99f4dcbd1eb3615189e67f96564
 
IA-64:
unzip-5.50-35.EL3.ia64.rpm
File outdated by:  RHSA-2008:0196
    MD5: 83c5554f283075bf3aa9c42a8d851098
 
PPC:
unzip-5.50-35.EL3.ppc.rpm
File outdated by:  RHSA-2008:0196
    MD5: 8aed54ca977849fe92aef448f990d96a
 
s390:
unzip-5.50-35.EL3.s390.rpm
File outdated by:  RHSA-2008:0196
    MD5: 0fd314caa8c785838477f3b1c21ca527
 
s390x:
unzip-5.50-35.EL3.s390x.rpm
File outdated by:  RHSA-2008:0196
    MD5: bf35d8f307a6ef8198634debad5f9eda
 
x86_64:
unzip-5.50-35.EL3.x86_64.rpm
File outdated by:  RHSA-2008:0196
    MD5: 75bcd070eecf4f1c695b58c5cceff598
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
unzip-5.50-35.EL3.src.rpm
File outdated by:  RHSA-2008:0196
    MD5: 93f4ce97178a3e969c5756ce7a5dd5c8
 
IA-32:
unzip-5.50-35.EL3.i386.rpm
File outdated by:  RHSA-2008:0196
    MD5: d25bf99f4dcbd1eb3615189e67f96564
 
IA-64:
unzip-5.50-35.EL3.ia64.rpm
File outdated by:  RHSA-2008:0196
    MD5: 83c5554f283075bf3aa9c42a8d851098
 
x86_64:
unzip-5.50-35.EL3.x86_64.rpm
File outdated by:  RHSA-2008:0196
    MD5: 75bcd070eecf4f1c695b58c5cceff598
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
unzip-5.50-35.EL3.src.rpm
File outdated by:  RHSA-2008:0196
    MD5: 93f4ce97178a3e969c5756ce7a5dd5c8
 
IA-32:
unzip-5.50-35.EL3.i386.rpm
File outdated by:  RHSA-2008:0196
    MD5: d25bf99f4dcbd1eb3615189e67f96564
 
IA-64:
unzip-5.50-35.EL3.ia64.rpm
File outdated by:  RHSA-2008:0196
    MD5: 83c5554f283075bf3aa9c42a8d851098
 
x86_64:
unzip-5.50-35.EL3.x86_64.rpm
File outdated by:  RHSA-2008:0196
    MD5: 75bcd070eecf4f1c695b58c5cceff598
 

Bugs fixed (see bugzilla for more information)

186570 - CVE-2005-4667 unzip long filename buffer overflow
226749 - CVE-2005-2475 TOCTOU issue in unzip


Keywords

file, large, toctou, unzip


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/