[OmniOS-discuss] Small update to UNZIP covers CVE 2014-9636
Tim Rice
tim at multitalents.net
Thu Feb 12 05:32:26 UTC 2015
On Wed, 11 Feb 2015, Dan McDonald wrote:
|
| > On Feb 9, 2015, at 9:22 PM, Dan McDonald <danmcd at omniti.com> wrote:
| >
| > Thanks to Marissa Murphy for patching this. It's now available for "pkg update" on all supported repos: r151006/LTS, r151010/last-Stable, r151012/Stable, and r151013/bloody.
| >
| > Won't require a reboot, nor service restarts since these are just command replacements.
|
| You'll have to re-update unzip again, as the upstream (oss-security mailing list) discussion found a problem with the first fix.
And possibly once more. Have a look at CVE-2014-8139 discussed at
https://bugzilla.redhat.com/show_bug.cgi?id=1174844
| Sorry about that!
These things happen.
| Dan
|
--
Tim Rice Multitalents (707) 456-1146
tim at multitalents.net
More information about the OmniOS-discuss
mailing list