Wind River Support Network

HomeDefectsLIN6-10024

Fixed

LIN6-10024 : Security Advisory - unzip - CVE-2014-8140

Created: Jun 16, 2015 Updated: Dec 3, 2018

Resolved Date: Jun 17, 2015

Previous ID: LIN5-20559

Found In Version: 6.0.0.20

Fix Version: 6.0.0.22

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

A correction fix is requested for :
CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)

The write error shows a problem in extract.c:test_compr_eb(), which was not expecting an uncompressed size of zero for an EF_NTSD extra block.

Proposed changes:

http://antinode.info/ftp/info-zip/unzip60/extract.c

extract.c:test_compr_eb() gets a new validity test.

which according to:
http://www.ocert.org/advisories/ocert-2014-011.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140

Other Downloads

Wind River Linux 6.0.0.29
Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38