Package name
gzip
Date
2005-05-18
Advisory ID
MDKSA-2005:092
Affected versions
10.2 x86_64, CS2.1 x86_64, 10.0 amd64, 10.2 i586, 10.1 i586, 10.0 i586, CS3.0 x86_64, CS3.0 i586, CS2.1 i586, 10.1 x86_64

Problem description

Several vulnerabilities have been discovered in the gzip package:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. (CAN-2005-0758)

A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip file allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. (CAN-2005-0988)

A directory traversal vulnerability via "gunzip -N" in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. (CAN-2005-1228)

Updated packages are patched to address these issues.
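The check below is an added example, not code from the advisory or from the gzip project. It relates to CAN-2005-1228: it reads the original-filename (FNAME) field from a gzip header, flags names that could leave the current directory when restored with "gunzip -N", and reduces them to their last path component. The function names, the sample input and the keep-the-last-component policy are assumptions made for illustration.

```python
import struct
import zlib

FEXTRA, FNAME = 0x04, 0x08  # RFC 1952 FLG bits used here


def stored_name(data: bytes):
    """Return the original-filename (FNAME) field of a gzip member, or None."""
    if len(data) < 10 or data[:3] != b"\x1f\x8b\x08":
        raise ValueError("not a deflate gzip stream")
    flags, pos = data[3], 10  # fixed header is 10 bytes
    if flags & FEXTRA:  # optional extra field precedes the name
        if len(data) < pos + 2:
            raise ValueError("truncated FEXTRA field")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)
    if end < 0:
        raise ValueError("unterminated FNAME field")
    return data[pos:end]


def is_unsafe(name: bytes) -> bool:
    """True if restoring this name could write outside the current directory."""
    return b"/" in name or name in (b"", b".", b"..")


def safe_output_name(name: bytes) -> bytes:
    """Assumed policy: keep only the final path component of the stored name."""
    base = name.rsplit(b"/", 1)[-1]
    if base in (b"", b".", b".."):
        raise ValueError("stored name has no usable file component")
    return base


def make_sample(name: bytes) -> bytes:
    """Constructed input: a valid gzip member whose header stores `name`."""
    payload = b"constructed sample\n"
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate body
    body = deflater.compress(payload) + deflater.flush()
    header = b"\x1f\x8b\x08" + bytes([FNAME]) + b"\x00" * 4 + b"\x00\xff"
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload))
    return header + name + b"\x00" + body + trailer


if __name__ == "__main__":
    for n in (b"report.txt", b"../../tmp/report.txt"):
        got = stored_name(make_sample(n))
        print(got, "UNSAFE" if is_unsafe(got) else "ok", safe_output_name(got))
```

Running the check over archives received from untrusted sources, before any of them is expanded with the stored name, shows which ones carry a path in their header.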

Updated packages

10.2 x86_64

 819a41d23efc8ad2c26cd9786178a52c  x86_64/10.2/RPMS/gzip-1.2.4a-14.1.102mdk.x86_64.rpm
d9a2c5788a582dc194e4726b68708e75  x86_64/10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm

CS2.1 x86_64

 7094630fcd81e61eb6402d25b4afa2dd  x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.x86_64.rpm
255e4af1676fa7db7ebb6f9997bee3ef  x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm

10.0 amd64

 55b145f3a6211d3214e4ac84a9f3d2db  amd64/10.0/RPMS/gzip-1.2.4a-13.2.100mdk.amd64.rpm
6b8b1c839de2659bdbf3ef7b2d084c49  amd64/10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm

10.2 i586

 2e4b095f517150b0c3fd8f06e8b02b54  10.2/RPMS/gzip-1.2.4a-14.1.102mdk.i586.rpm
d9a2c5788a582dc194e4726b68708e75  10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm

10.1 i586

 f52a97a5a011807be418d9813e8be8a7  10.1/RPMS/gzip-1.2.4a-13.2.101mdk.i586.rpm
50b48751f7f56fafc86ae58c39473b19  10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm

10.0 i586

 747eb53b876e9dd0544d58d8cafd436d  10.0/RPMS/gzip-1.2.4a-13.2.100mdk.i586.rpm
6b8b1c839de2659bdbf3ef7b2d084c49  10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm

CS3.0 x86_64

 502e80bad0a21a86c06f85836c9e9579  x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.x86_64.rpm
2d3852158ecc68f805ce3e63d3e0c563  x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm

CS3.0 i586

 4d73819ec9c73150407ab0a6739e797b  corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.i586.rpm
2d3852158ecc68f805ce3e63d3e0c563  corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm

CS2.1 i586

 531d8990f2c080218daaafd80fa324d4  corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.i586.rpm
255e4af1676fa7db7ebb6f9997bee3ef  corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm

10.1 x86_64

 6f68527ab34b108cd142f7612f01624b  x86_64/10.1/RPMS/gzip-1.2.4a-13.2.101mdk.x86_64.rpm
50b48751f7f56fafc86ae58c39473b19  x86_64/10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm
