Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in gzip
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in gzip
ID: MDKSA-2006:027
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 2.1
Datum: Di, 31. Januar 2006, 00:28
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
Applikationen: gzip

Originalnachricht

This is a multi-part message in MIME format...

------------=_1138663670-28203-566


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:027
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gzip
Date : January 30, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which
allows local users to execute arbitrary commands via filenames that are
injected into a sed script.

This was previously corrected in MDKSA-2005:092, however the fix was
incomplete. These updated packages provide a more comprehensive fix
to the problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
62937bbc65984b8f32a8817ca9d0a83a 10.1/RPMS/gzip-1.2.4a-13.3.101mdk.i586.rpm
03b66c3fff9a34edf0f714f773755d94 10.1/SRPMS/gzip-1.2.4a-13.3.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
fc3cc9dbcf1ca6b67f19a512ca555ed9
x86_64/10.1/RPMS/gzip-1.2.4a-13.3.101mdk.x86_64.rpm
03b66c3fff9a34edf0f714f773755d94
x86_64/10.1/SRPMS/gzip-1.2.4a-13.3.101mdk.src.rpm

Mandriva Linux 10.2:
431066b4062f9f23a09a137edb20b7b6 10.2/RPMS/gzip-1.2.4a-14.2.102mdk.i586.rpm
15e833f4126a3708773a7f055c24e21e 10.2/SRPMS/gzip-1.2.4a-14.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b18f7f611c82083e8e5605687165f1f3
x86_64/10.2/RPMS/gzip-1.2.4a-14.2.102mdk.x86_64.rpm
15e833f4126a3708773a7f055c24e21e
x86_64/10.2/SRPMS/gzip-1.2.4a-14.2.102mdk.src.rpm

Mandriva Linux 2006.0:
9a496bbbe2e1a07096c7ac536fc2456c
2006.0/RPMS/gzip-1.2.4a-15.1.20060mdk.i586.rpm
da6e6cd98d8e37904c6e5140950367ac
2006.0/SRPMS/gzip-1.2.4a-15.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
e1e5bf8168bdd95291364b4078504df5
x86_64/2006.0/RPMS/gzip-1.2.4a-15.1.20060mdk.x86_64.rpm
da6e6cd98d8e37904c6e5140950367ac
x86_64/2006.0/SRPMS/gzip-1.2.4a-15.1.20060mdk.src.rpm

Corporate Server 2.1:
3b8cb2a9448fc5411bd8e49bb7037ffe
corporate/2.1/RPMS/gzip-1.2.4a-11.5.C21mdk.i586.rpm
3baf958e1a8159e1621f7d1694b24a24
corporate/2.1/SRPMS/gzip-1.2.4a-11.5.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
996b5e2b2b3f330fa9387e18e9f7d422
x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.5.C21mdk.x86_64.rpm
3baf958e1a8159e1621f7d1694b24a24
x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.5.C21mdk.src.rpm

Corporate 3.0:
8d5bbe00592a9830ce4ac5d2b120e867
corporate/3.0/RPMS/gzip-1.2.4a-13.3.C30mdk.i586.rpm
5baa56e8feb905c9fb48629344a88b02
corporate/3.0/SRPMS/gzip-1.2.4a-13.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
0fd942e8d92942d5cee224263a27db9c
x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.3.C30mdk.x86_64.rpm
5baa56e8feb905c9fb48629344a88b02
x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
1c2352fc2445c452769181be3d4e85a1
mnf/2.0/RPMS/gzip-1.2.4a-13.3.M20mdk.i586.rpm
601229e6188ad8ee34ff12f1147c5381
mnf/2.0/SRPMS/gzip-1.2.4a-13.3.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD3m7VmqjQ0CJFipgRAnTjAKDIGu/3EQKMJzmpu1MkNfbvyJtXmQCgkh7N
dirCY+O0YQ9SxxpcvSeOQ4c=
=pYlB
-----END PGP SIGNATURE-----


------------=_1138663670-28203-566
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1138663670-28203-566--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung