Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in unzip
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in unzip
ID: USN-589-1
Distribution: Ubuntu
Plattformen: Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10
Datum: Do, 20. März 2008, 21:25
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
Applikationen: UnZip

Originalnachricht

 

--===============8339752206355554066==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="8w3uRX/HFJGApMzv"
Content-Disposition: inline


--8w3uRX/HFJGApMzv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Ubuntu Security Notice USN-589-1             March 20,
 2008==========20=================================================
unzip vulnerability
CVE-2008-0888
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  unzip                           5.52-6ubuntu4.1

Ubuntu 6.10:
  unzip                           5.52-8ubuntu1.1

Ubuntu 7.04:
  unzip                           5.52-9ubuntu3.1

Ubuntu 7.10:
  unzip                           5.52-10ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that unzip did not correctly clean up pointers.
If a user or automated service was tricked into processing a specially
crafted ZIP archive, a remote attacker could execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4=
=2E1.diff.gz
      Size/MD5:    12788 c944a77823f756df4f6f1352028c51ba
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4=
=2E1.dsc
      Size/MD5:      535 05a4c713cd2bc201d7fec5dd0f1807ce
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar=
=2Egz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4=
=2E1_amd64.deb
      Size/MD5:   161102 b975bb72efc3b8b8a7355011090a76d3

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4=
=2E1_i386.deb
      Size/MD5:   147240 7470f2fa04517e0b5b601f69db54ac84

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4=
=2E1_powerpc.deb
      Size/MD5:   165218 a6b0dc720809d80d31e809492056eee0

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-6ubuntu4=
=2E1_sparc.deb
      Size/MD5:   164078 552d2029d247f091442e174eae9c3a19

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1=
=2E1.diff.gz
      Size/MD5:    12565 7c86995d3353555020b5072979437d32
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1=
=2E1.dsc
      Size/MD5:      535 942549c5fc2654810ecece441c702ed7
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar=
=2Egz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1=
=2E1_amd64.deb
      Size/MD5:   164316 1fba1ee7c30fbd2572c49d55938eac54

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1=
=2E1_i386.deb
      Size/MD5:   151466 20e48a45fad384a8310ce970c00903b2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1=
=2E1_powerpc.deb
      Size/MD5:   165248 c9f333ffc8b3ea28bd5882c6f683d200

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-8ubuntu1=
=2E1_sparc.deb
      Size/MD5:   163544 b9cf45c1b44e808e6f4bc28a0e462ba5

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3=
=2E1.diff.gz
      Size/MD5:    91922 4ab4fa170cfb1009969476118e6c5ea0
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3=
=2E1.dsc
      Size/MD5:      619 721b61d3b81b58e01eab7e4d75ec0616
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar=
=2Egz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3=
=2E1_amd64.deb
      Size/MD5:   167272 1b0f7e30281083c3c1f7ee7ea1edbff4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3=
=2E1_i386.deb
      Size/MD5:   154032 ab6718b23c1cff644082b0126a72a02e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3=
=2E1_powerpc.deb
      Size/MD5:   169850 b3cf955d0462608841b350435a049f4d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-9ubuntu3=
=2E1_sparc.deb
      Size/MD5:   166698 4a8cfaa0a4f1eb5bd54649a8a770b9fd

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu=
1.1.diff.gz
      Size/MD5:    92162 9cb570c2efaac04984b2a0742015ea05
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu=
1.1.dsc
      Size/MD5:      621 8e761acc5aa550a4c12c32a1c233d992
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar=
=2Egz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu=
1.1_amd64.deb
      Size/MD5:   167694 cd72a56dbb1eab868f159b9b822a22c8

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu=
1.1_i386.deb
      Size/MD5:   154212 be2f160d462a22bd11bf744498e69977

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu=
1.1_powerpc.deb
      Size/MD5:   169998 630a0893db3e5fee553860240946cb21

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu=
1.1_sparc.deb
      Size/MD5:   166968 88ffce45be1200383a5609f09be92417


--8w3uRX/HFJGApMzv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH4sU8H/9LqRcGPm0RAvkBAJ4g6q4OyHR1Ozdsa5KstWtm6QtB8QCfYWZT
Zt/9oaolMJmR531KKmpLgII=
=5eIr
-----END PGP SIGNATURE-----

--8w3uRX/HFJGApMzv--


--===============8339752206355554066==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8339752206355554066==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung