Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in bzip2
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in bzip2
ID: MDKSA-2005:091
Distribution: Mandriva
Plattformen: Mandriva 10.0, Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2
Datum: Do, 19. Mai 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1260
Applikationen: bzip2

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           bzip2
 Advisory ID:            MDKSA-2005:091
 Date:                   May 18th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A race condition in the file permission restore code of bunzip2 was
 discovered by Imran Ghory.  While a user was decompressing a file, a
 local attacker with write permissions to the directory containing the
 compressed file could replace the target file with a hard link which
 would cause bunzip2 to restore the file permissions of the original
 file to the hard link target.  This could be exploited to gain read or
 write access to files of other users (CAN-2005-0953).
 
 A vulnerability was found where specially crafted bzip2 archives would
 cause an infinite loop in the decompressor, resulting in an
 indefinitively large output file (also known as a "decompression
 bomb").  This could be exploited to cause a Denial of Service attack
 on the host computer due to disk space exhaustion (CAN-2005-1260).
 
 The provided packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 4b2bb8d970b222f3d941181c97ac90b4  10.0/RPMS/bzip2-1.0.2-17.1.100mdk.i586.rpm
 668e3c51aba91c2593a8acff74d44454 
 10.0/RPMS/libbzip2_1-1.0.2-17.1.100mdk.i586.rpm
 94f02cd14f2600f9bb2feafa3bb9d86e 
 10.0/RPMS/libbzip2_1-devel-1.0.2-17.1.100mdk.i586.rpm
 c22b1d64b5479d4924612a96d20f7944  10.0/SRPMS/bzip2-1.0.2-17.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 cb22383be6cb4a2f32170a1c6b5aa0cf 
 amd64/10.0/RPMS/bzip2-1.0.2-17.1.100mdk.amd64.rpm
 923353937d7dd11490f769a23012d229 
 amd64/10.0/RPMS/lib64bzip2_1-1.0.2-17.1.100mdk.amd64.rpm
 796494bd8a1731f1b970421a6c1657ee 
 amd64/10.0/RPMS/lib64bzip2_1-devel-1.0.2-17.1.100mdk.amd64.rpm
 c22b1d64b5479d4924612a96d20f7944 
 amd64/10.0/SRPMS/bzip2-1.0.2-17.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 c712f5670311f97e101fe2d0a8ed8c2b  10.1/RPMS/bzip2-1.0.2-20.1.101mdk.i586.rpm
 3b7a755b9faf46953f8030eab2b9a5f0 
 10.1/RPMS/libbzip2_1-1.0.2-20.1.101mdk.i586.rpm
 70428efe689e2e0e6e88ee0f1c930475 
 10.1/RPMS/libbzip2_1-devel-1.0.2-20.1.101mdk.i586.rpm
 19be2dba061d76a9b79f7376077e238f  10.1/SRPMS/bzip2-1.0.2-20.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 02b04af8089d801bf139dfdc5fbe61e3 
 x86_64/10.1/RPMS/bzip2-1.0.2-20.1.101mdk.x86_64.rpm
 8c835acc2c2dc823b94e332340502245 
 x86_64/10.1/RPMS/lib64bzip2_1-1.0.2-20.1.101mdk.x86_64.rpm
 92a783e1d9dea6c00324b6ed12d74635 
 x86_64/10.1/RPMS/lib64bzip2_1-devel-1.0.2-20.1.101mdk.x86_64.rpm
 19be2dba061d76a9b79f7376077e238f 
 x86_64/10.1/SRPMS/bzip2-1.0.2-20.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 64e8f1fb474606a4bfbeb2adee7cabf6  10.2/RPMS/bzip2-1.0.2-20.1.102mdk.i586.rpm
 53fe82aefa0ff6aeff8ce0b5a7649b5c 
 10.2/RPMS/libbzip2_1-1.0.2-20.1.102mdk.i586.rpm
 9d420447e67a42f77e22c28d55bf611a 
 10.2/RPMS/libbzip2_1-devel-1.0.2-20.1.102mdk.i586.rpm
 bc16ae3ec7865dc9e8d382f22d296cb2  10.2/SRPMS/bzip2-1.0.2-20.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 d87a3bc804e9c716a17b44d2144255a7 
 x86_64/10.2/RPMS/bzip2-1.0.2-20.1.102mdk.x86_64.rpm
 6f0841e3c59c302819abd300e37a4b4f 
 x86_64/10.2/RPMS/lib64bzip2_1-1.0.2-20.1.102mdk.x86_64.rpm
 31a163ba5a620dc925279e0cd2b988b4 
 x86_64/10.2/RPMS/lib64bzip2_1-devel-1.0.2-20.1.102mdk.x86_64.rpm
 bc16ae3ec7865dc9e8d382f22d296cb2 
 x86_64/10.2/SRPMS/bzip2-1.0.2-20.1.102mdk.src.rpm

 Corporate Server 2.1:
 297004f1d8a720780325382271f94164 
 corporate/2.1/RPMS/bzip2-1.0.2-10.1.C21mdk.i586.rpm
 2e9376a5ebaeef7ab611c31377962636 
 corporate/2.1/RPMS/libbzip2_1-1.0.2-10.1.C21mdk.i586.rpm
 54747fe92a6779b85ac84286c398bb14 
 corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.1.C21mdk.i586.rpm
 2220cf9a3e6842172f98c01909e3f77e 
 corporate/2.1/SRPMS/bzip2-1.0.2-10.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 cfaf6fd095f0d7434e80d8a4f0156255 
 x86_64/corporate/2.1/RPMS/bzip2-1.0.2-10.1.C21mdk.x86_64.rpm
 efddfee91fe70c73d3162cd4f2ab2581 
 x86_64/corporate/2.1/RPMS/libbzip2_1-1.0.2-10.1.C21mdk.x86_64.rpm
 a41917f3e9a008c625b90481c9357aff 
 x86_64/corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.1.C21mdk.x86_64.rpm
 2220cf9a3e6842172f98c01909e3f77e 
 x86_64/corporate/2.1/SRPMS/bzip2-1.0.2-10.1.C21mdk.src.rpm

 Corporate 3.0:
 b01aca9e32f1b7beadf1dede32fe8726 
 corporate/3.0/RPMS/bzip2-1.0.2-17.1.C30mdk.i586.rpm
 01fb59c1b265d341bd1182ef833186e3 
 corporate/3.0/RPMS/libbzip2_1-1.0.2-17.1.C30mdk.i586.rpm
 7555509f257ddbef15e4f09e4bc3fda5 
 corporate/3.0/RPMS/libbzip2_1-devel-1.0.2-17.1.C30mdk.i586.rpm
 361836a8f0bcdbd18cc376df549f1d2b 
 corporate/3.0/SRPMS/bzip2-1.0.2-17.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b06a4e4af363c43e1e24e45e156f6282 
 x86_64/corporate/3.0/RPMS/bzip2-1.0.2-17.1.C30mdk.x86_64.rpm
 7c075c3748cba9471e9d13ce4ae8b4c2 
 x86_64/corporate/3.0/RPMS/lib64bzip2_1-1.0.2-17.1.C30mdk.x86_64.rpm
 d15c9f810a0b1ec7e153154304b8dc53 
 x86_64/corporate/3.0/RPMS/lib64bzip2_1-devel-1.0.2-17.1.C30mdk.x86_64.rpm
 361836a8f0bcdbd18cc376df549f1d2b 
 x86_64/corporate/3.0/SRPMS/bzip2-1.0.2-17.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCjBeCmqjQ0CJFipgRAj/zAJ0ZbXjjihsKQHDasMvEL3zAH+aTkgCgqWSV
dHSH6DEdKzeVpHX1gbPFLPU=
=kJjT
-----END PGP SIGNATURE-----


To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung