unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315 - openembedded-core

diff options

author	Roy Li <rongqing.li@windriver.com>	2015-04-29 08:53:35 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-06-28 09:41:53 +0100
commit	d868f9e8a6a5d4dc9c38e2881a329f7e3210eab8 (patch)
tree	6192c8556cc4d593c933f726e1f9bf8765880c1e /meta/recipes-extended/cracklib
parent	0b12cc3a326740bd95bb199d4f1b38bf5beadfa9 (diff)
download	openembedded-core-d868f9e8a6a5d4dc9c38e2881a329f7e3210eab8.tar.gz

unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315 Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. (From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/cracklib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: