User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-158-1 (gzip)

From:  Martin Pitt <martin.pitt@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-158-1] gzip utility vulnerability
Date:  Mon, 1 Aug 2005 12:35:42 +0200
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

=========================================================== Ubuntu Security Notice USN-158-1 August 01, 2005 gzip vulnerability CAN-2005-0758 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: gzip The problem can be corrected by upgrading the affected package to version 1.3.5-9ubuntu3.3 (for Ubuntu 4.10), or 1.3.5-9ubuntu3.4 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: zgrep did not handle shell metacharacters like '|' and '&' properly when they occurred in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 59244 9107611292808f982cb7e84a3e31cda3 http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 570 4848f3b7d4bf7dad3bfdce969fdb47a4 http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 331550 3d6c191dfd2bf307014b421c12dc8469 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 75472 bae609933a71ea74bb41493df98e193c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 70372 b774c65773bcb2cbadec5cc15ef12344 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 76988 5c868f74064211a975e44ec4917887a2 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 59260 4fe91fb2521be43a1961f7c0ae131014 http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 570 62b96204e004beb977ae78ebb99b9120 http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 331550 3d6c191dfd2bf307014b421c12dc8469 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 75576 21efd370efb1c0517ac767b95a37ee0a i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 70394 307afbed15ed18fa0b3ddf339d8b7815 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1... Size/MD5: 77130 d3a3407db3ad0a86b5556043984604cf -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds