MDKSA-2005:092
- Package name: gzip
- Date: 2005-05-18
- Advisory ID: MDKSA-2005:092
- Affected versions: 10.2 x86_64, CS2.1 x86_64, 10.0 amd64, 10.2 i586, 10.1 i586, 10.0 i586, CS3.0 x86_64, CS3.0 i586, CS2.1 i586, 10.1 x86_64
Problem description
Several vulnerabilities have been discovered in the gzip package:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. (CAN-2005-0758)

A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip file allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. (CAN-2005-0988)

A directory traversal vulnerability via "gunzip -N" in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. (CAN-2005-1228)

Updated packages are patched to address these issues.
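For the "gunzip -N" issue (CAN-2005-1228), the following added example (not part of the advisory and not the vendor patch) reads the original-filename field from a gzip header, using the RFC 1952 layout, and flags names that carry a directory component. The function names and sample headers are constructed for illustration; treating a backslash as a path separator is a conservative assumption.

```python
import struct

FEXTRA, FNAME = 0x04, 0x08  # RFC 1952 FLG bits

def stored_name(data: bytes):
    """Return the original file name stored in a gzip header, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a deflate gzip stream")
    flags, pos = data[3], 10  # 10-byte fixed header precedes optional fields
    if flags & FEXTRA:        # skip the length-prefixed extra field
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)  # FNAME is zero-terminated
    if end == -1:
        raise ValueError("unterminated FNAME field")
    return data[pos:end].decode("latin-1")

def is_unsafe(name: str) -> bool:
    """True if the stored name carries any directory component."""
    return "/" in name or "\\" in name or name in ("", ".", "..")

def safe_name(name: str) -> str:
    """Keep only the final path component; refuse names with none left."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", ".."):
        raise ValueError("no usable file name in header")
    return base

def make_header(name=None, extra=b""):
    """Build a constructed gzip header (no compressed body) for the demo."""
    flags = (FNAME if name is not None else 0) | (FEXTRA if extra else 0)
    hdr = b"\x1f\x8b\x08" + bytes([flags]) + b"\x00" * 4 + b"\x00\x03"
    hdr += struct.pack("<H", len(extra)) + extra if extra else b""
    hdr += name.encode("latin-1") + b"\x00" if name is not None else b""
    return hdr

SAMPLES = {  # constructed inputs, not taken from the advisory
    "plain": make_header("report.txt"),
    "dotdot": make_header("../../tmp/report.txt", extra=b"AB\x02\x00\x00\x00"),
    "absolute": make_header("/tmp/report.txt"),
    "unnamed": make_header(),
}

def audit(samples):
    """Map each sample label to (stored name, unsafe?)."""
    names = {k: stored_name(v) for k, v in samples.items()}
    return {k: (n, n is not None and is_unsafe(n)) for k, n in names.items()}
```

Running audit() over files received from untrusted sources before restoring stored names shows which archives would have written outside the working directory on an unpatched gzip.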
Updated packages
10.2 x86_64
819a41d23efc8ad2c26cd9786178a52c x86_64/10.2/RPMS/gzip-1.2.4a-14.1.102mdk.x86_64.rpm d9a2c5788a582dc194e4726b68708e75 x86_64/10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm
CS2.1 x86_64
7094630fcd81e61eb6402d25b4afa2dd x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.x86_64.rpm 255e4af1676fa7db7ebb6f9997bee3ef x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm
10.0 amd64
55b145f3a6211d3214e4ac84a9f3d2db amd64/10.0/RPMS/gzip-1.2.4a-13.2.100mdk.amd64.rpm 6b8b1c839de2659bdbf3ef7b2d084c49 amd64/10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm
10.2 i586
2e4b095f517150b0c3fd8f06e8b02b54 10.2/RPMS/gzip-1.2.4a-14.1.102mdk.i586.rpm d9a2c5788a582dc194e4726b68708e75 10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm
10.1 i586
f52a97a5a011807be418d9813e8be8a7 10.1/RPMS/gzip-1.2.4a-13.2.101mdk.i586.rpm 50b48751f7f56fafc86ae58c39473b19 10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm
10.0 i586
747eb53b876e9dd0544d58d8cafd436d 10.0/RPMS/gzip-1.2.4a-13.2.100mdk.i586.rpm 6b8b1c839de2659bdbf3ef7b2d084c49 10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm
CS3.0 x86_64
502e80bad0a21a86c06f85836c9e9579 x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.x86_64.rpm 2d3852158ecc68f805ce3e63d3e0c563 x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm
CS3.0 i586
4d73819ec9c73150407ab0a6739e797b corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.i586.rpm 2d3852158ecc68f805ce3e63d3e0c563 corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm
CS2.1 i586
531d8990f2c080218daaafd80fa324d4 corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.i586.rpm 255e4af1676fa7db7ebb6f9997bee3ef corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm
10.1 x86_64
6f68527ab34b108cd142f7612f01624b x86_64/10.1/RPMS/gzip-1.2.4a-13.2.101mdk.x86_64.rpm 50b48751f7f56fafc86ae58c39473b19 x86_64/10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm
