Debian Security Advisory DSA 1012-1 (unzip) Network Vulnerability

Summary

The remote host is missing an update to unzip announced via advisory DSA 1012-1. A buffer overflow in the command line argument parsing has been discovered in unzip, the de-archiver for ZIP files that could lead to the execution of arbitrary code. For the old stable distribution (woody) this problem has been fixed in version 5.50-1woody6.

Solution

For the stable distribution (sarge) this problem has been fixed in version 5.52-1sarge4. For the unstable distribution (sid) this problem has been fixed in version 5.52-7. We recommend that you upgrade your unzip package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201012-1

Severity

Classification

CVE CVE-2005-4667

CVSS	Base Score: 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 2731-1 (libgcrypt11 - information leak)
Debian Security Advisory DSA 1296-1 (php4)
Debian Security Advisory DSA 2594-1 (virtualbox-ose - programming error)
Debian Security Advisory DSA 202-1 (im)
Debian Security Advisory DSA 1138-1 (cfs)

Take action and discover your vulnerabilities