Paketname
gzip
Datum
2004-12-06
Advisory ID
MDKSA-2004:142
Betroffene Versionen
9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , 9.2 i586 , MNF8.2 i586 , CS2.1 i586 , 10.1 x86_64

Problembeschreibung

The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzeze supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack. A similar problem was fixed last year (CAN-2003-0367) in which this same problem was found in znew. At that time, Mandrakesoft also used mktemp to correct the problems in gzexe. This update uses mktemp to handle temporary files in the zdiff script.

Aktualisierte Pakete

9.2 amd64

 ef5b7fd75554c4d1b125036e2341bc55  amd64/9.2/RPMS/gzip-1.2.4a-13.1.92mdk.amd64.rpm
50afab34a696bf740aeaf999a65d660b  amd64/9.2/SRPMS/gzip-1.2.4a-13.1.92mdk.src.rpm

CS2.1 x86_64

 e11f60108a7efc0bd917afdb4398b438  x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.3.C21mdk.x86_64.rpm
30ef2298b4dc0582f0d5004cba2313fe  x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.3.C21mdk.src.rpm

10.0 amd64

 3948d5261fdae9eb41492090e2037d8a  amd64/10.0/RPMS/gzip-1.2.4a-13.1.100mdk.amd64.rpm
040cd4de118139d83a3eb0c9f69455d6  amd64/10.0/SRPMS/gzip-1.2.4a-13.1.100mdk.src.rpm

10.1 i586

 daebea05aa9aee97b129cf70c33da39e  10.1/RPMS/gzip-1.2.4a-13.1.101mdk.i586.rpm
82b00b5e80d75f9be44faefee7030548  10.1/SRPMS/gzip-1.2.4a-13.1.101mdk.src.rpm

10.0 i586

 90bed38351f26f8ba6407aaf994bf32f  10.0/RPMS/gzip-1.2.4a-13.1.100mdk.i586.rpm
040cd4de118139d83a3eb0c9f69455d6  10.0/SRPMS/gzip-1.2.4a-13.1.100mdk.src.rpm

9.2 i586

 3a58262efc591b05714489fdf7aa764a  9.2/RPMS/gzip-1.2.4a-13.1.92mdk.i586.rpm
50afab34a696bf740aeaf999a65d660b  9.2/SRPMS/gzip-1.2.4a-13.1.92mdk.src.rpm

MNF8.2 i586

 d65c27535c3013ec5022e15f1153dc06  mnf8.2/RPMS/gzip-1.2.4a-11.3.M82mdk.i586.rpm
6997833b18051d19123abc2d03d5147b  mnf8.2/SRPMS/gzip-1.2.4a-11.3.M82mdk.src.rpm

CS2.1 i586

 8f06248061b9ac6dd4460e94e263b077  corporate/2.1/RPMS/gzip-1.2.4a-11.3.C21mdk.i586.rpm
30ef2298b4dc0582f0d5004cba2313fe  corporate/2.1/SRPMS/gzip-1.2.4a-11.3.C21mdk.src.rpm

10.1 x86_64

 cb67ff9bdd9077105952417e4af9b0f9  x86_64/10.1/RPMS/gzip-1.2.4a-13.1.101mdk.x86_64.rpm
82b00b5e80d75f9be44faefee7030548  x86_64/10.1/SRPMS/gzip-1.2.4a-13.1.101mdk.src.rpm

Referenzen