Message-ID: <20060215084333.GA5892@piware.de>
Date: Wed Feb 15 08:43:40 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-248-1] unzip vulnerability

===========================================================
Ubuntu Security Notice USN-248-1          February 13, 2006
unzip vulnerability
CVE-2005-4667
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

unzip

The problem can be corrected by upgrading the affected package to
version 5.51-2ubuntu0.3 (for Ubuntu 4.10), 5.51-2ubuntu1.3 (for Ubuntu
5.04), or 5.52-3ubuntu2.1 (for Ubuntu 5.10).  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the handling of file name
arguments. By tricking a user or automated system into processing a
specially crafted, excessively long file name with unzip, an attacker
could exploit this to execute arbitrary code with the user's
privileges.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3.diff.gz
      Size/MD5:     6433 bd8da93f936f5ac234e5327c59bf8758
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3.dsc
      Size/MD5:      534 db487b07f655377436bc72be8431351a
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_amd64.deb
      Size/MD5:   148742 3af9fe5de336b8a59b19d2eadb892888

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_i386.deb
      Size/MD5:   135516 c334934daf9a7e49f064ef17e884f106

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_powerpc.deb
      Size/MD5:   149480 d5d41b65e3da33976e137bd22a85e2e5

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3.diff.gz
      Size/MD5:     7253 443470aef5d23f7290151222116fa81d
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3.dsc
      Size/MD5:      534 2618e86f3a4d42382c0add1ae2f978f5
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_amd64.deb
      Size/MD5:   148844 b30b12cd03aa4cedcc0ab83d387e2466

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_i386.deb
      Size/MD5:   136232 72feb619b0290ba9056cf24f9b467ec0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_powerpc.deb
      Size/MD5:   150924 3985b6ad992bd5a4dfd9aef941d83d8b

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1.diff.gz
      Size/MD5:     9670 76fa4142b93fd08f8fa4861533846d90
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1.dsc
      Size/MD5:      534 4afc9cba0b40ff5fcb5eef8442ac7da2
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar.gz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_amd64.deb
      Size/MD5:   160486 6619e42ad67d9e53a50a93cb33073829

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_i386.deb
      Size/MD5:   147208 58a818487eb9b617a3e8f278246528b7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_powerpc.deb
      Size/MD5:   161976 d71ed8a8078bbf56bd87d16564fc5197
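
The package listings above pair each URL with a "Size/MD5" line. The following is an added example, not part of the original notice or of any Ubuntu tooling: it parses that layout and checks a downloaded file against it. The sample file name, its bytes and the mirror.example URL are constructed for illustration.

```python
import hashlib
import re

# An entry is a URL line followed by a "Size/MD5: <bytes> <hex digest>" line.
ENTRY_RE = re.compile(
    r"^[ \t]*(https?://\S+)[ \t]*\n[ \t]*Size/MD5:[ \t]+(\d+)[ \t]+([0-9a-fA-F]{32})[ \t]*$",
    re.MULTILINE,
)

def parse_listing(text):
    """Return {file name: (size, md5)} for each entry in the listing."""
    entries = {}
    for url, size, md5 in ENTRY_RE.findall(text):
        name = url.rsplit("/", 1)[-1]
        record = (int(size), md5.lower())
        # An .orig.tar.gz can be listed once per release; the copies must agree.
        if entries.setdefault(name, record) != record:
            raise ValueError(f"conflicting entries for {name}")
    return entries

def verify(name, data, entries):
    """Check downloaded bytes against the listing. Returns (ok, reason)."""
    if name not in entries:
        return False, "not listed in advisory"
    size, md5 = entries[name]
    if len(data) != size:
        return False, f"size {len(data)} != {size}"
    if hashlib.md5(data).hexdigest() != md5:
        return False, "MD5 mismatch"
    return True, "ok"

# Constructed sample: a stand-in file and a listing in the advisory's layout.
SAMPLE_NAME = "example_1.0-1_i386.deb"   # hypothetical package file
SAMPLE_DATA = b"constructed package bytes\n"
SAMPLE_LISTING = f"""
  i386 architecture (x86 compatible Intel/AMD)

    http://mirror.example/pool/{SAMPLE_NAME}
      Size/MD5:   {len(SAMPLE_DATA)} {hashlib.md5(SAMPLE_DATA).hexdigest()}
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    print(verify(SAMPLE_NAME, SAMPLE_DATA, entries))                # intact file
    print(verify(SAMPLE_NAME, SAMPLE_DATA[:-1] + b"!", entries))    # same size, altered
```

To use it on a real download, pass the text of the notice to parse_listing() and the file's bytes to verify().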