{"id":"USN-2788-2","summary":"unzip regression","details":"USN-2788-1 fixed vulnerabilities in unzip. One of the security patches\ncaused a regression when extracting 0-byte files. This update fixes the\nproblem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Gustavo Grieco discovered that unzip incorrectly handled certain password\n protected archives. If a user or automated system were tricked into\n processing a specially crafted zip archive, an attacker could possibly\n execute arbitrary code. (CVE-2015-7696)\n \n Gustavo Grieco discovered that unzip incorrectly handled certain malformed\n archives. If a user or automated system were tricked into processing a\n specially crafted zip archive, an attacker could possibly cause unzip to\n hang, resulting in a denial of service. (CVE-2015-7697)\n","modified":"2026-02-10T04:40:56Z","published":"2015-11-09T16:19:30Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2788-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1513293"}],"affected":[{"package":{"name":"unzip","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/unzip@6.0-9ubuntu1.5?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0-9ubuntu1.5"}]}],"versions":["6.0-9ubuntu1","6.0-9ubuntu1.1","6.0-9ubuntu1.2","6.0-9ubuntu1.3","6.0-9ubuntu1.4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"6.0-9ubuntu1.5","binary_name":"unzip"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2788-2.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]}}}],"schema_version":"1.7.3"}