Headline
Ubuntu Security Notice USN-7054-1
Ubuntu Security Notice 7054-1 - It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-7054-1October 03, 2024unzip vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:unzip could be made to crash or run programs as your login if it opened aspecially crafted file.Software Description:- unzip: De-archiver for .zip filesDetails:It was discovered that unzip did not properly handle unicode strings undercertain circumstances. If a user were tricked into opening a speciallycrafted zip file, an attacker could possibly use this issue to cause unzipto crash, resulting in a denial of service, or possibly execute arbitrarycode.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS unzip 6.0-28ubuntu4.1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-7054-1 CVE-2021-4217Package Information: https://launchpad.net/ubuntu/+source/unzip/6.0-28ubuntu4.1Related news
Ubuntu Security Notice 5673-1 - It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.