[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060215084333.GA5892@piware.de>
Date: Wed Feb 15 08:43:40 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-248-1] unzip vulnerability
===========================================================
Ubuntu Security Notice USN-248-1 February 13, 2006
unzip vulnerability
CVE-2005-4667
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
unzip
The problem can be corrected by upgrading the affected package to
version 5.51-2ubuntu0.3 (for Ubuntu 4.10), 5.51-2ubuntu1.3 (for Ubuntu
5.04), or 5.52-3ubuntu2.1 (for Ubuntu 5.10). In general, a standard
system upgrade is sufficient to effect the necessary changes.
Details follow:
A buffer overflow was discovered in the handling of file name
arguments. By tricking a user or automated system into processing a
specially crafted, excessively long file name with unzip, an attacker
could exploit this to execute arbitrary code with the user's
privileges.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3.diff.gz
Size/MD5: 6433 bd8da93f936f5ac234e5327c59bf8758
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3.dsc
Size/MD5: 534 db487b07f655377436bc72be8431351a
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
Size/MD5: 1112594 8a25712aac642430d87d21491f7c6bd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_amd64.deb
Size/MD5: 148742 3af9fe5de336b8a59b19d2eadb892888
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_i386.deb
Size/MD5: 135516 c334934daf9a7e49f064ef17e884f106
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_powerpc.deb
Size/MD5: 149480 d5d41b65e3da33976e137bd22a85e2e5
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3.diff.gz
Size/MD5: 7253 443470aef5d23f7290151222116fa81d
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3.dsc
Size/MD5: 534 2618e86f3a4d42382c0add1ae2f978f5
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
Size/MD5: 1112594 8a25712aac642430d87d21491f7c6bd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_amd64.deb
Size/MD5: 148844 b30b12cd03aa4cedcc0ab83d387e2466
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_i386.deb
Size/MD5: 136232 72feb619b0290ba9056cf24f9b467ec0
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_powerpc.deb
Size/MD5: 150924 3985b6ad992bd5a4dfd9aef941d83d8b
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1.diff.gz
Size/MD5: 9670 76fa4142b93fd08f8fa4861533846d90
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1.dsc
Size/MD5: 534 4afc9cba0b40ff5fcb5eef8442ac7da2
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar.gz
Size/MD5: 1140291 9d23919999d6eac9217d1f41472034a9
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_amd64.deb
Size/MD5: 160486 6619e42ad67d9e53a50a93cb33073829
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_i386.deb
Size/MD5: 147208 58a818487eb9b617a3e8f278246528b7
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_powerpc.deb
Size/MD5: 161976 d71ed8a8078bbf56bd87d16564fc5197
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060215/73261099/attachment.bin
Powered by blists - more mailing lists