Red Hat Product Errata RHSA-2020:1181 - Security Advisory

Issued:: 2020-03-31
Updated:: 2020-03-31

RHSA-2020:1181 - Security Advisory

Overview
Updated Packages

Synopsis

Low: unzip security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for unzip is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The unzip utility is used to list, test, and extract files from zip archives.

Security Fix(es):

unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1727761 - CVE-2019-13232 unzip: overlapping of files in ZIP container leads to denial of service

CVEs

CVE-2019-13232

References

https://access.redhat.com/security/updates/classification/#low

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
unzip-6.0-21.el7.src.rpm	SHA-256: eeae124daff32c0637beb7f031b5362dc585ed328bd8ab520067298479b36100
x86_64
unzip-6.0-21.el7.x86_64.rpm	SHA-256: 48adf3c630487ead8f233cde6fdfe8819a8cfe1e76bf6fc4d62cf4b5059a630b
unzip-debuginfo-6.0-21.el7.x86_64.rpm	SHA-256: b7b6552ea90db4d219b281da34699bfff4dabffbfafa1b68225b988cc1611c7b

Red Hat Enterprise Linux Workstation 7

SRPM
unzip-6.0-21.el7.src.rpm	SHA-256: eeae124daff32c0637beb7f031b5362dc585ed328bd8ab520067298479b36100
x86_64
unzip-6.0-21.el7.x86_64.rpm	SHA-256: 48adf3c630487ead8f233cde6fdfe8819a8cfe1e76bf6fc4d62cf4b5059a630b
unzip-debuginfo-6.0-21.el7.x86_64.rpm	SHA-256: b7b6552ea90db4d219b281da34699bfff4dabffbfafa1b68225b988cc1611c7b

Red Hat Enterprise Linux Desktop 7

SRPM
unzip-6.0-21.el7.src.rpm	SHA-256: eeae124daff32c0637beb7f031b5362dc585ed328bd8ab520067298479b36100
x86_64
unzip-6.0-21.el7.x86_64.rpm	SHA-256: 48adf3c630487ead8f233cde6fdfe8819a8cfe1e76bf6fc4d62cf4b5059a630b
unzip-debuginfo-6.0-21.el7.x86_64.rpm	SHA-256: b7b6552ea90db4d219b281da34699bfff4dabffbfafa1b68225b988cc1611c7b

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
unzip-6.0-21.el7.src.rpm	SHA-256: eeae124daff32c0637beb7f031b5362dc585ed328bd8ab520067298479b36100
s390x
unzip-6.0-21.el7.s390x.rpm	SHA-256: 3609e4c89eba62cccfb3781fc05bc5aa555a0b2f712131ad8b02a340c5e76ac3
unzip-debuginfo-6.0-21.el7.s390x.rpm	SHA-256: 6f894077c90dda59a8a4f006277da94ca9e9071c1f49e6157a1f5d29056cefcb

Red Hat Enterprise Linux for Power, big endian 7

SRPM
unzip-6.0-21.el7.src.rpm	SHA-256: eeae124daff32c0637beb7f031b5362dc585ed328bd8ab520067298479b36100
ppc64
unzip-6.0-21.el7.ppc64.rpm	SHA-256: bb2d53f5eafde279700d2939eea5ae583d50e771b0e99e9513638d053e051275
unzip-debuginfo-6.0-21.el7.ppc64.rpm	SHA-256: c2f31785097fe4a8863f0e6946b2bb28e631384c75467478850200de467daaa3

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
unzip-6.0-21.el7.src.rpm	SHA-256: eeae124daff32c0637beb7f031b5362dc585ed328bd8ab520067298479b36100
x86_64
unzip-6.0-21.el7.x86_64.rpm	SHA-256: 48adf3c630487ead8f233cde6fdfe8819a8cfe1e76bf6fc4d62cf4b5059a630b
unzip-debuginfo-6.0-21.el7.x86_64.rpm	SHA-256: b7b6552ea90db4d219b281da34699bfff4dabffbfafa1b68225b988cc1611c7b

Red Hat Enterprise Linux for Power, little endian 7

SRPM
unzip-6.0-21.el7.src.rpm	SHA-256: eeae124daff32c0637beb7f031b5362dc585ed328bd8ab520067298479b36100
ppc64le
unzip-6.0-21.el7.ppc64le.rpm	SHA-256: 9391b4150356adbe6ce832995fb299ebb7a75e7c593fa6fd31c220e7732dc88c
unzip-debuginfo-6.0-21.el7.ppc64le.rpm	SHA-256: 3ae9d6703e7764e806bf26f5c06023f7ad51b23f556f6a507e4ff4728e66b61c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories