Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in gzip
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in gzip
ID: MDKSA-2005:092
Distribution: Mandriva
Plattformen: Mandriva 10.0, Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2
Datum: Do, 19. Mai 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
Applikationen: gzip

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           gzip
 Advisory ID:            MDKSA-2005:092
 Date:                   May 18th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Several vulnerabilities have been discovered in the gzip package:
 
 Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which 
 allows local users to execute arbitrary commands via filenames that are 
 injected into a sed script. (CAN-2005-0758)
 
 A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a
 gzip file allows local users to modify permissions of arbitrary files
 via a hard link attack on a file while it is being decompressed, whose 
 permissions are changed by gzip after the decompression is complete.
 (CAN-2005-0988)
 
 A directory traversal vulnerability via "gunzip -N" in gzip 1.2.4
 through 1.3.5 allows remote attackers to write to arbitrary directories
 via a .. (dot dot) in the original filename within a compressed file.
 (CAN-2005-1228)
 
 Updated packages are patched to address these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 747eb53b876e9dd0544d58d8cafd436d  10.0/RPMS/gzip-1.2.4a-13.2.100mdk.i586.rpm
 6b8b1c839de2659bdbf3ef7b2d084c49  10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 55b145f3a6211d3214e4ac84a9f3d2db 
 amd64/10.0/RPMS/gzip-1.2.4a-13.2.100mdk.amd64.rpm
 6b8b1c839de2659bdbf3ef7b2d084c49 
 amd64/10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 f52a97a5a011807be418d9813e8be8a7  10.1/RPMS/gzip-1.2.4a-13.2.101mdk.i586.rpm
 50b48751f7f56fafc86ae58c39473b19  10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 6f68527ab34b108cd142f7612f01624b 
 x86_64/10.1/RPMS/gzip-1.2.4a-13.2.101mdk.x86_64.rpm
 50b48751f7f56fafc86ae58c39473b19 
 x86_64/10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 2e4b095f517150b0c3fd8f06e8b02b54  10.2/RPMS/gzip-1.2.4a-14.1.102mdk.i586.rpm
 d9a2c5788a582dc194e4726b68708e75  10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 819a41d23efc8ad2c26cd9786178a52c 
 x86_64/10.2/RPMS/gzip-1.2.4a-14.1.102mdk.x86_64.rpm
 d9a2c5788a582dc194e4726b68708e75 
 x86_64/10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm

 Corporate Server 2.1:
 531d8990f2c080218daaafd80fa324d4 
 corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.i586.rpm
 255e4af1676fa7db7ebb6f9997bee3ef 
 corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 7094630fcd81e61eb6402d25b4afa2dd 
 x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.x86_64.rpm
 255e4af1676fa7db7ebb6f9997bee3ef 
 x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm

 Corporate 3.0:
 4d73819ec9c73150407ab0a6739e797b 
 corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.i586.rpm
 2d3852158ecc68f805ce3e63d3e0c563 
 corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 502e80bad0a21a86c06f85836c9e9579 
 x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.x86_64.rpm
 2d3852158ecc68f805ce3e63d3e0c563 
 x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCjCRKmqjQ0CJFipgRAjVDAJ497dbaWVLijg3G9GG37nzhgoqx7wCfU/3A
ZJJPpopYzcqlAbhAsfoYC6A=
=Qzu4
-----END PGP SIGNATURE-----


To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung