Menu
▾
▴
[Cucumber-linux-security] unzip (security update is available)
|
From: Scott C. <sc...@cu...> - 2018-07-06 13:45:55
|
Update Information A security update is available for unzip for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Fri Jul 6 09:36:24 EDT 2018 apps-base/unzip rebuilt (build 4) to fix several security vulnerabilities that could cause a denial of service when extracting a maliciously crafted zip archive: CVE-2014-9636, CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141. For more information see: https://security.cucumberlinux.com/security/details.php?id=450 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636 https://security.cucumberlinux.com/security/details.php?id=460 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139 https://security.cucumberlinux.com/security/details.php?id=459 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140 https://security.cucumberlinux.com/security/details.php?id=461 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141 * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-450 [CVE-2014-9636] (https://security.cucumberlinux.com/security/details.php?id=450) * CLD-459 [CVE-2014-8140] (https://security.cucumberlinux.com/security/details.php?id=459) * CLD-460 [CVE-2014-8139] (https://security.cucumberlinux.com/security/details.php?id=460) * CLD-461 [CVE-2014-8141] (https://security.cucumberlinux.com/security/details.php?id=461) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure unzip is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
