Security: Execution of arbitrary commands in unzip

Name: Execution of arbitrary commands in unzip
ID: USN-589-1
Distribution: Ubuntu
Platforms: Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10
Date: Thu, 20 March 2008, 21:25
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
Applications: UnZip

Original message
===========================================================
Ubuntu Security Notice USN-589-1             March 20, 2008
unzip vulnerability
CVE-2008-0888
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: unzip 5.52-6ubuntu4.1
Ubuntu 6.10: unzip 5.52-8ubuntu1.1
Ubuntu 7.04: unzip 5.52-9ubuntu3.1
Ubuntu 7.10: unzip 5.52-10ubuntu1.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 6.10:
Updated packages for Ubuntu 7.04:
Updated packages for Ubuntu 7.10: