lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060919154857.GD4658@piware.de>
Date: Tue, 19 Sep 2006 17:48:57 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-349-1] gzip vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-349-1         September 19, 2006
gzip vulnerabilities
CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337,
CVE-2006-4338
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  gzip                                     1.3.5-9ubuntu3.5

Ubuntu 5.10:
  gzip                                     1.3.5-11ubuntu2.1

Ubuntu 6.06 LTS:
  gzip                                     1.3.5-12ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that gzip did not sufficiently verify the
validity of gzip or compress archives while unpacking. By tricking an
user or automated system into unpacking a specially crafted compressed
file, this could be exploited to execute arbitrary code with the
user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5.diff.gz
      Size/MD5:    61153 d63e10a794e5ea01f2accdbaf8bf3d80
    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5.dsc
      Size/MD5:      570 24976fc238f8e6614cc28cd3d2a6ddca
    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.gz
      Size/MD5:   331550 3d6c191dfd2bf307014b421c12dc8469

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5_amd64.deb
      Size/MD5:    75848 209e5949f27077a5111a0e48e1814e28

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5_i386.deb
      Size/MD5:    70672 bb8ecf2656df00adb2f73d7c58bfae16

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5_powerpc.deb
      Size/MD5:    77502 866b75307a0c11bba729754014d37cf2

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1.diff.gz
      Size/MD5:    61684 90455942d0fc30de77d0a7e03db7901d
    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1.dsc
      Size/MD5:      572 e6b726ade7eef11b0ec01a78709718ec
    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.gz
      Size/MD5:   331550 3d6c191dfd2bf307014b421c12dc8469

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_amd64.deb
      Size/MD5:    76842 5afca3802f6380462aa81df1b71e03e6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_i386.deb
      Size/MD5:    71672 f84d912eb056ba6301d7972a1da6fbf0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_powerpc.deb
      Size/MD5:    78620 83dbc2b0f7ea1be86bdfd384b0a1a42e

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_sparc.deb
      Size/MD5:    75866 0390a63c0774ae2661fab737371044f8

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1.diff.gz
      Size/MD5:    59646 2661380cbe7761cda97ca2282820a9be
    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1.dsc
      Size/MD5:      574 200363f2ab018cea40c61cf9c98c705c
    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.gz
      Size/MD5:   331550 3d6c191dfd2bf307014b421c12dc8469

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_amd64.deb
      Size/MD5:    76470 5e9e2d325e742ce73c3c070e5d7856b3

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_i386.deb
      Size/MD5:    71224 4c232bcc8218250455ec4d89eabaa7ea

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_powerpc.deb
      Size/MD5:    78232 43b9c25f558df5037c5b798bd87a43ef

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_sparc.deb
      Size/MD5:    74976 25095d566148ad95e3a7fd96c03f2122

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ