Package name
gzip
Date
2003-06-16
Advisory ID
MDKSA-2003:068
Affected versions
9.1 i586, CS2.1 x86_64, CS2.1 i586, 9.0 i586, 8.2 i586, MNF8.2 i586, 9.1 i586, 8.2 i586

Problem description

A vulnerability exists in znew, a script included with gzip: it creates temporary files without taking precautions to avoid a symlink attack. Patches have been applied so that the script uses mktemp to generate unique filenames and makes proper use of noclobber. Likewise, a fix for gzexe that had been applied previously was incomplete. It has been fixed to make full use of mktemp everywhere a temporary file is created. The znew problem was initially reported by Michal Zalewski and was again reported more recently to Debian by Paul Szabo.
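The two mitigations named above (mktemp and noclobber) set beside the predictable-name pattern, as an added shell example; it is not code from the Mandrake patch or from the gzip scripts. The function names and the `znew.tmp` / `znew.XXXXXX` filenames are assumptions made for illustration, and everything runs inside a private scratch directory.

```shell
#!/bin/sh
# Added example (constructed): all files live in throwaway directories.

# Pre-fix pattern: predictable name + plain '>' follows an existing symlink.
write_predictable() {            # $1 = temp path chosen by the script
    echo "scratch data" > "$1"
}

# Fixed pattern, part 1: with noclobber (set -C) '>' refuses to open a path
# that already exists, so a link planted at that path makes the write fail.
write_noclobber() {              # $1 = temp path
    ( set -C; echo "scratch data" > "$1" ) 2>/dev/null
}

# Fixed pattern, part 2: mktemp picks an unpredictable name and creates the
# file exclusively; the caller must abort if it returns non-zero.
make_tmp() {                     # $1 = directory for the temp file
    mktemp "$1/znew.XXXXXX"
}

# Runs one writer against a pre-existing symlink at the predictable path and
# prints what the link's target contains afterwards.
symlink_outcome() {              # $1 = name of the writer function
    dir=$(mktemp -d) || return 1
    echo "important" > "$dir/victim"
    ln -s "$dir/victim" "$dir/znew.tmp"   # link already sitting at the temp path
    "$1" "$dir/znew.tmp" || true
    cat "$dir/victim"
    rm -rf "$dir"
}

echo "plain '>'  : target contains: $(symlink_outcome write_predictable)"
echo "noclobber  : target contains: $(symlink_outcome write_noclobber)"
scratch=$(mktemp -d) && t=$(make_tmp "$scratch") && echo "mktemp made: $t"
rm -rf "$scratch"
```

noclobber only blocks the write when the path already exists as a regular file or a link to one; a script that keeps a predictable name still needs mktemp to avoid the name being guessed in the first place.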

Updated packages

9.1 i586

 fe732815834057c64e3c4e311ee9462d  9.1/RPMS/gzip-1.2.4a-11.2mdk.i586.rpm
ddf940b835e0718d80840694b65067bc  9.1/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm

CS2.1 x86_64

 f75a916a9aeda90ea43cd4f9855199f6  x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.2mdk.x86_64.rpm
ddf940b835e0718d80840694b65067bc  x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm

CS2.1 i586

 3e7bff9e74dfacdb5708fdf60b8f18c6  corporate/2.1/RPMS/gzip-1.2.4a-11.2mdk.i586.rpm
ddf940b835e0718d80840694b65067bc  corporate/2.1/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm

9.0 i586

 3e7bff9e74dfacdb5708fdf60b8f18c6  9.0/RPMS/gzip-1.2.4a-11.2mdk.i586.rpm
ddf940b835e0718d80840694b65067bc  9.0/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm

8.2 i586

 e114d1ff62fe8456d945a11d91362855  8.2/RPMS/gzip-1.2.4a-11.2mdk.i586.rpm
ddf940b835e0718d80840694b65067bc  8.2/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm

MNF8.2 i586

 e114d1ff62fe8456d945a11d91362855  mnf8.2/RPMS/gzip-1.2.4a-11.2mdk.i586.rpm
ddf940b835e0718d80840694b65067bc  mnf8.2/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm

9.1 i586

 c4947b2e7a4de6f2e72c038e953a402f  ppc/9.1/RPMS/gzip-1.2.4a-11.2mdk.ppc.rpm
ddf940b835e0718d80840694b65067bc  ppc/9.1/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm

8.2 i586

 0d290a3f2a22396bcc5a6fc7c77aaeaa  ppc/8.2/RPMS/gzip-1.2.4a-11.2mdk.ppc.rpm
ddf940b835e0718d80840694b65067bc  ppc/8.2/SRPMS/gzip-1.2.4a-11.2mdk.src.rpm
