Updated unzip packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The unzip utility is used to list, test, or extract files from a zip archive.

A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip’s ‘-t’ option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip’s ‘-t’ option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip’s ‘-t’ option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141)

Red Hat would like to thank oCERT for reporting the CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter of these issues.

All unzip users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
unzip-6.0-2.el6_6.src.rpm

IA-32:
unzip-6.0-2.el6_6.i686.rpm
unzip-debuginfo-6.0-2.el6_6.i686.rpm

x86_64:
unzip-6.0-2.el6_6.x86_64.rpm
unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
unzip-6.0-15.el7.src.rpm

x86_64:
unzip-6.0-15.el7.x86_64.rpm
unzip-debuginfo-6.0-15.el7.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
unzip-6.0-2.el6_6.src.rpm

x86_64:
unzip-6.0-2.el6_6.x86_64.rpm
unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
unzip-6.0-15.el7.src.rpm

x86_64:
unzip-6.0-15.el7.x86_64.rpm
unzip-debuginfo-6.0-15.el7.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
unzip-6.0-2.el6_6.src.rpm

IA-32:
unzip-6.0-2.el6_6.i686.rpm
unzip-debuginfo-6.0-2.el6_6.i686.rpm

PPC:
unzip-6.0-2.el6_6.ppc64.rpm
unzip-debuginfo-6.0-2.el6_6.ppc64.rpm

s390x:
unzip-6.0-2.el6_6.s390x.rpm
unzip-debuginfo-6.0-2.el6_6.s390x.rpm

x86_64:
unzip-6.0-2.el6_6.x86_64.rpm
unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
unzip-6.0-15.el7.src.rpm

PPC:
unzip-6.0-15.el7.ppc64.rpm
unzip-debuginfo-6.0-15.el7.ppc64.rpm

s390x:
unzip-6.0-15.el7.s390x.rpm
unzip-debuginfo-6.0-15.el7.s390x.rpm

x86_64:
unzip-6.0-15.el7.x86_64.rpm
unzip-debuginfo-6.0-15.el7.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
unzip-6.0-2.el6_6.src.rpm

IA-32:
unzip-6.0-2.el6_6.i686.rpm
unzip-debuginfo-6.0-2.el6_6.i686.rpm

PPC:
unzip-6.0-2.el6_6.ppc64.rpm
unzip-debuginfo-6.0-2.el6_6.ppc64.rpm

s390x:
unzip-6.0-2.el6_6.s390x.rpm
unzip-debuginfo-6.0-2.el6_6.s390x.rpm

x86_64:
unzip-6.0-2.el6_6.x86_64.rpm
unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
unzip-6.0-2.el6_6.src.rpm

IA-32:
unzip-6.0-2.el6_6.i686.rpm
unzip-debuginfo-6.0-2.el6_6.i686.rpm

x86_64:
unzip-6.0-2.el6_6.x86_64.rpm
unzip-debuginfo-6.0-2.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
unzip-6.0-15.el7.src.rpm

x86_64:
unzip-6.0-15.el7.x86_64.rpm
unzip-debuginfo-6.0-15.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1174844 – CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)
1174851 – CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)
1174856 – CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)
1184985 – CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c
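
The flaws listed above are out-of-bounds accesses while processing Zip extra fields and Zip64 data. As an added illustration (not unzip's code and not Red Hat's backported patch), the following C function validates an extra-field block using the record layout from the ZIP format specification before any consumer reads it; the function name, status codes and sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EF_ZIP64 0x0001u /* Zip64 extended information header ID */

enum ef_status { EF_OK = 0, EF_TRUNCATED_HEADER, EF_SIZE_OVERRUN, EF_ZIP64_SHORT };

/* Constructed sample extra-field blocks (unlisted bytes are zero). */
const uint8_t sample_good_zip64[20]  = {0x01, 0x00, 0x10, 0x00}; /* 16 data bytes */
const uint8_t sample_short_zip64[12] = {0x01, 0x00, 0x08, 0x00}; /* 8 data bytes */
const uint8_t sample_overrun[5]      = {0x55, 0x54, 0xFF, 0x00, 0x01}; /* claims 255 */
const uint8_t sample_truncated[3]    = {0x01, 0x00, 0x10}; /* header cut short */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Each record is: header ID (u16 LE), data size (u16 LE), data.
 * need_* is nonzero when the fixed header holds 0xFFFFFFFF for that field,
 * so the Zip64 record must carry an 8-byte replacement value for it. */
enum ef_status check_extra_field(const uint8_t *ef, size_t ef_len,
                                 int need_usize, int need_csize, int need_offset)
{
    size_t pos = 0;
    while (pos < ef_len) {
        /* Compare against bytes remaining; never compute "len - 4" first,
         * since an unsigned subtraction would wrap on short input. */
        if (ef_len - pos < 4)
            return EF_TRUNCATED_HEADER;
        uint16_t id = rd16(ef + pos);
        uint16_t size = rd16(ef + pos + 2);
        pos += 4;
        if (size > ef_len - pos)
            return EF_SIZE_OVERRUN; /* declared size runs past the block */
        if (id == EF_ZIP64) {
            size_t need = 8u * (size_t)(!!need_usize + !!need_csize + !!need_offset);
            if (size < need)
                return EF_ZIP64_SHORT; /* 8-byte values would be read out of bounds */
        }
        pos += size;
    }
    return EF_OK;
}

int main(void)
{
    printf("good=%d short=%d overrun=%d truncated=%d\n",
           check_extra_field(sample_good_zip64, sizeof sample_good_zip64, 1, 1, 0),
           check_extra_field(sample_short_zip64, sizeof sample_short_zip64, 1, 1, 0),
           check_extra_field(sample_overrun, sizeof sample_overrun, 0, 0, 0),
           check_extra_field(sample_truncated, sizeof sample_truncated, 0, 0, 0));
    return 0;
}
```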

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
