Bugzilla – Bug 1080074
VUL-1: CVE-2018-1000035: unzip: [Heap-based buffer overflow in password protected ZIP archives]
Last modified: 2020-04-23 15:11:50 UTC
Created attachment 759403
Fix for CVE-2018-1000035

CVE-2018-1000035

InfoZip’s UnZip suffers from a heap-based buffer overflow when uncompressing password protected ZIP archives. An attacker can exploit this vulnerability to overwrite heap chunks to get arbitrary code execution on the target system.

Since we build with -D_FORTIFY_SOURCE=2 this is not exploitable, but will still crash the process.

Unfortunately the upstream situation is unclear to me. The versions mentioned in the original blog (see references) cannot be found on the "original" website/FTP/SourceForge.

I've found a fix in some (original?) forum:
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548

References:
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000035
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000035.html
Fixed for openSUSE:Factory: https://build.opensuse.org/request/show/574265 Attaching final fix with updated line numbers. Should be fixed with next maintenance update.
Created attachment 759406
Final patch used in openSUSE:Factory/unzip
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-02-27. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63970
SUSE-SU-2018:0465-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1080074
CVE References: CVE-2018-1000035
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src): unzip-6.00-11.18.3.1
SUSE-SU-2018:1883-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1080074,910683,914442
CVE References: CVE-2014-9636,CVE-2018-1000035
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src): unzip-6.00-4.3.1
openSUSE-SU-2018:1914-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1080074,910683,914442
CVE References: CVE-2014-9636,CVE-2018-1000035
Sources used:
openSUSE Leap 15.0 (src): unzip-6.00-lp150.3.3.1, unzip-rcc-6.00-lp150.3.3.1
SUSE-SU-2018:2978-1: An update that solves 6 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1013992,1013993,1080074,910683,914442,950110,950111
CVE References: CVE-2014-9636,CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844,CVE-2018-1000035
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src): unzip-6.00-33.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src): unzip-6.00-33.8.1
openSUSE-SU-2018:3043-1: An update that solves 6 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1013992,1013993,1080074,910683,914442,950110,950111
CVE References: CVE-2014-9636,CVE-2014-9913,CVE-2015-7696,CVE-2015-7697,CVE-2016-9844,CVE-2018-1000035
Sources used:
openSUSE Leap 42.3 (src): unzip-6.00-31.3.1, unzip-rcc-6.00-31.3.1
Done