Red Hat Product Errata RHSA-2019:2159 - Security Advisory

Issued:: 2019-08-06
Updated:: 2019-08-06

RHSA-2019:2159 - Security Advisory

Overview
Updated Packages

Synopsis

Low: unzip security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for unzip is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The unzip utility is used to list, test, and extract files from zip archives.

Security Fix(es):

unzip: Buffer overflow in list.c resulting in a denial of service (CVE-2018-18384)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1642931 - CVE-2018-18384 unzip: Buffer overflow in list.c resulting in a denial of service

CVEs

CVE-2018-18384

References

https://access.redhat.com/security/updates/classification/#low

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
unzip-6.0-20.el7.src.rpm	SHA-256: 49e4300edfbb313e746199434b9f4a0ca70c17ce228fcdf22821fe32a30b34b8
x86_64
unzip-6.0-20.el7.x86_64.rpm	SHA-256: 50dc390d7688e40b1c24925e4efb6a62f6aac3016a57a687d5e498a6293aa0c3
unzip-debuginfo-6.0-20.el7.x86_64.rpm	SHA-256: 8f31e3c8d9371bcbdac19572afb93b9d60579e715533a9814d37cafc5845f281

Red Hat Enterprise Linux Workstation 7

SRPM
unzip-6.0-20.el7.src.rpm	SHA-256: 49e4300edfbb313e746199434b9f4a0ca70c17ce228fcdf22821fe32a30b34b8
x86_64
unzip-6.0-20.el7.x86_64.rpm	SHA-256: 50dc390d7688e40b1c24925e4efb6a62f6aac3016a57a687d5e498a6293aa0c3
unzip-debuginfo-6.0-20.el7.x86_64.rpm	SHA-256: 8f31e3c8d9371bcbdac19572afb93b9d60579e715533a9814d37cafc5845f281

Red Hat Enterprise Linux Desktop 7

SRPM
unzip-6.0-20.el7.src.rpm	SHA-256: 49e4300edfbb313e746199434b9f4a0ca70c17ce228fcdf22821fe32a30b34b8
x86_64
unzip-6.0-20.el7.x86_64.rpm	SHA-256: 50dc390d7688e40b1c24925e4efb6a62f6aac3016a57a687d5e498a6293aa0c3
unzip-debuginfo-6.0-20.el7.x86_64.rpm	SHA-256: 8f31e3c8d9371bcbdac19572afb93b9d60579e715533a9814d37cafc5845f281

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
unzip-6.0-20.el7.src.rpm	SHA-256: 49e4300edfbb313e746199434b9f4a0ca70c17ce228fcdf22821fe32a30b34b8
s390x
unzip-6.0-20.el7.s390x.rpm	SHA-256: 2a9a336ad821be721cf14129c742370eb8a35d51532ca6ed685dcb94663b490b
unzip-debuginfo-6.0-20.el7.s390x.rpm	SHA-256: b08040e44acb30cfab762b8176492f53410534dfada7df8ede8d821ba4f1b011

Red Hat Enterprise Linux for Power, big endian 7

SRPM
unzip-6.0-20.el7.src.rpm	SHA-256: 49e4300edfbb313e746199434b9f4a0ca70c17ce228fcdf22821fe32a30b34b8
ppc64
unzip-6.0-20.el7.ppc64.rpm	SHA-256: 492000543f12c8e8042d6c90833a33f2890d8e549647e6505b8c27a82cb9e7b3
unzip-debuginfo-6.0-20.el7.ppc64.rpm	SHA-256: 22634ae2d255ae76d31d8b1c2c0421be23e47836b3ca42220fc65ccff3def8ab

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
unzip-6.0-20.el7.src.rpm	SHA-256: 49e4300edfbb313e746199434b9f4a0ca70c17ce228fcdf22821fe32a30b34b8
x86_64
unzip-6.0-20.el7.x86_64.rpm	SHA-256: 50dc390d7688e40b1c24925e4efb6a62f6aac3016a57a687d5e498a6293aa0c3
unzip-debuginfo-6.0-20.el7.x86_64.rpm	SHA-256: 8f31e3c8d9371bcbdac19572afb93b9d60579e715533a9814d37cafc5845f281

Red Hat Enterprise Linux for Power, little endian 7

SRPM
unzip-6.0-20.el7.src.rpm	SHA-256: 49e4300edfbb313e746199434b9f4a0ca70c17ce228fcdf22821fe32a30b34b8
ppc64le
unzip-6.0-20.el7.ppc64le.rpm	SHA-256: 2631672898467224d09aceb76c8d7c8798babe0bb26ee5687fc1f6d3229186be
unzip-debuginfo-6.0-20.el7.ppc64le.rpm	SHA-256: c9f69da24874440d4fd867544157fdc7e7e944aa6f8cf78269e092d0f0bcc24c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories