Login
Newsletter
Werbung

Sicherheit: Überschreiben von Dateien in Gzip (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Überschreiben von Dateien in Gzip (Aktualisierung)
ID: USN-5378-4
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM, Ubuntu 16.04 ESM
Datum: Mi, 13. April 2022, 22:39
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
Applikationen: gzip
Update von: Überschreiben von Dateien in Gzip

Originalnachricht


--===============0451283169908153415==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="7iMSBzlTiPOCCT2k"
Content-Disposition: inline


--7iMSBzlTiPOCCT2k
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5378-4
April 13, 2022

gzip vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Gzip could be made to overwrite arbitrary files.

Software Description:
- gzip: GNU compression utilities

Details:

USN-5378-1 fixed a vulnerability in Gzip. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
gzip 1.6-4ubuntu1+esm1

Ubuntu 14.04 ESM:
gzip 1.6-3ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5378-4
https://ubuntu.com/security/notices/USN-5378-1
CVE-2022-1271

--7iMSBzlTiPOCCT2k
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmJW/2YACgkQRbznW4QL
H2mV4g/9EoqqXIvfDzP8kaenz7Z26x2D5aPiadb/lGS0By790SmGupWH+Us+C4s8
QkomTMx1ZPNKQqoHCTIlD523flYsQb5ohgfM+cOnZUGgFE5jtyVOI0wuJkhAzGxq
okziEpIYguVJVaSlJU80Tjnbd/sj8RV2eGah77XfvX6eE9MISaWBJRASdZ0XQ/ca
87fDyizBFdgJ64YoX5GJG6hJOWzMHBlgccUtCCDsN4LRmdm5PvE7B/ZR+TjS0L4j
eYZB7YcQHnBZEkqKo/N2o7bojhezWtZjCJEBxQPKqUrP6E8gKxdjjVcIwotuvuhh
+ILTZvs+TUS+FEVyUaNFvCSpH7FbK89p5tcxnfTRQKsrBHP/qP9G8NWkfvJGHoOz
aWPzHhFlfBmFVluLRF9HVU5bwS8eGeF1i4KDTx2kGwf2irjLaIWCBX2NweGE5LRb
xYATOVZ0UMhM9liBvIQrbedO+5aDHz9mzyfx5fmbvciGqyONZtvM4dSrRj5/zTcu
3TOIHLXx+NP0g33X3Fpzi5Fuc6mnZLYl4ZaM427FWjjl7XKDkM/Dysmv0C+D4l5D
jAEDnMvPNhQ2SS7l9PFWY6GOt/b2qm8KQcWpAcmR3tosPyTfF1hjC2/L95oII6KE
v8Js6GZStCY9+RPWoemLTyqnFwqmDcfvf93lFPoBDaULpMB+NM0=
=VnUb
-----END PGP SIGNATURE-----

--7iMSBzlTiPOCCT2k--


--===============0451283169908153415==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline


--===============0451283169908153415==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung