Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-7054-1

Ubuntu Security Notice 7054-1 - It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos#perl
==========================================================================Ubuntu Security Notice USN-7054-1October 03, 2024unzip vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:unzip could be made to crash or run programs as your login if it opened aspecially crafted file.Software Description:- unzip: De-archiver for .zip filesDetails:It was discovered that unzip did not properly handle unicode strings undercertain circumstances. If a user were tricked into opening a speciallycrafted zip file, an attacker could possibly use this issue to cause unzipto crash, resulting in a denial of service, or possibly execute arbitrarycode.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  unzip                           6.0-28ubuntu4.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7054-1  CVE-2021-4217Package Information:  https://launchpad.net/ubuntu/+source/unzip/6.0-28ubuntu4.1

Related news

Ubuntu Security Notice USN-5673-1

Ubuntu Security Notice 5673-1 - It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that unzip did not properly perform bounds checking while converting wide strings to local strings. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2021-4217: Bug #1957077 “SIGSEGV during processing of unicode string” : Bugs : unzip package : Ubuntu

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution