LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated bzip2 packages fix bzgrep vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A bug was found in the way that bzgrep processed file names. If a user could be tricked into running bzgrep on a file with a special file name, it would be possible to execute arbitrary code with the privileges of the user running bzgrep. As well, the bzip2 package provided with Mandriva Linux 2006 did not the patch applied to correct CVE-2005-0953 which was previously fixed by MDKSA-2005:091; those packages are now properly patched. The updated packages have been patched to correct these problems.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:026
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bzip2
 Date    : January 30, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A bug was found in the way that bzgrep processed file names.  If a
 user could be tricked into running bzgrep on a file with a special
 file name, it would be possible to execute arbitrary code with the
 privileges of the user running bzgrep.
 
 As well, the bzip2 package provided with Mandriva Linux 2006 did not
 the patch applied to correct CVE-2005-0953 which was previously fixed
 by MDKSA-2005:091; those packages are now properly patched.
 
 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 9ba66ec27bbf76ba782127e9d35b47cf  10.1/RPMS/bzip2-1.0.2-20.4.101mdk.i586.rpm
 aa67aef5d33f2d63dbe1970b75feeb6c  10.1/RPMS/libbzip2_1-1.0.2-20.4.101mdk.i586.rpm
 39ac11e51b9891bdbc781a5f57802532  10.1/RPMS/libbzip2_1-devel-1.0.2-20.4.101mdk.i586.rpm
 7af647d2bd9ed2235ce9f48e45b88510  10.1/SRPMS/bzip2-1.0.2-20.4.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 c482a9d432f31f6ae2de7b2a68547b97  x86_64/10.1/RPMS/bzip2-1.0.2-20.4.101mdk.x86_64.rpm
 e9ae19f83d4156ff00b64c3bb738094e  x86_64/10.1/RPMS/lib64bzip2_1-1.0.2-20.4.101mdk.x86_64.rpm
 464e89b49a8e8b50bf90c2591d0fe773  x86_64/10.1/RPMS/lib64bzip2_1-devel-1.0.2-20.4.101mdk.x86_64.rpm
 7af647d2bd9ed2235ce9f48e45b88510  x86_64/10.1/SRPMS/bzip2-1.0.2-20.4.101mdk.src.rpm

 Mandriva Linux 10.2:
 7df4a217662f8c37e245eb93d93a371d  10.2/RPMS/bzip2-1.0.2-20.3.102mdk.i586.rpm
 8f786bbbddacf81ccf78858566f4b61e  10.2/RPMS/libbzip2_1-1.0.2-20.3.102mdk.i586.rpm
 560e3fcafd35a390acc92b3585c3e209  10.2/RPMS/libbzip2_1-devel-1.0.2-20.3.102mdk.i586.rpm
 70536dcc4a48fd2c927533f5610e4c30  10.2/SRPMS/bzip2-1.0.2-20.3.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 fbb29ba214b192f71f93e1651e2859f6  x86_64/10.2/RPMS/bzip2-1.0.2-20.3.102mdk.x86_64.rpm
 fad0d57ba24c7c2564a052621dabef6f  x86_64/10.2/RPMS/lib64bzip2_1-1.0.2-20.3.102mdk.x86_64.rpm
 e88392d200f33e476e43ff9d07576173  x86_64/10.2/RPMS/lib64bzip2_1-devel-1.0.2-20.3.102mdk.x86_64.rpm
 70536dcc4a48fd2c927533f5610e4c30  x86_64/10.2/SRPMS/bzip2-1.0.2-20.3.102mdk.src.rpm

 Mandriva Linux 2006.0:
 4e0529ee4c44182a0595aafaa4cc5f07  2006.0/RPMS/bzip2-1.0.3-1.2.20060mdk.i586.rpm
 bce98fe9a3066968923b0bd067908777  2006.0/RPMS/libbzip2_1-1.0.3-1.2.20060mdk.i586.rpm
 cbed01da9b0111e3f47f59735ec16a09  2006.0/RPMS/libbzip2_1-devel-1.0.3-1.2.20060mdk.i586.rpm
 d099cf8e4a81702f32efbd9afe92f208  2006.0/SRPMS/bzip2-1.0.3-1.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 c2c65e542f1e9b34a801f578f3ce0920  x86_64/2006.0/RPMS/bzip2-1.0.3-1.2.20060mdk.x86_64.rpm
 e401cf58458c72b0fa8de87352f81ecf  x86_64/2006.0/RPMS/lib64bzip2_1-1.0.3-1.2.20060mdk.x86_64.rpm
 920aa42c55fc7a97912433ca2c9f5adb  x86_64/2006.0/RPMS/lib64bzip2_1-devel-1.0.3-1.2.20060mdk.x86_64.rpm
 d099cf8e4a81702f32efbd9afe92f208  x86_64/2006.0/SRPMS/bzip2-1.0.3-1.2.20060mdk.src.rpm

 Corporate Server 2.1:
 521d044c36980ad67d31d235cf1290bf  corporate/2.1/RPMS/bzip2-1.0.2-10.4.C21mdk.i586.rpm
 dafdb66e984581813890aa05a9e597e3  corporate/2.1/RPMS/libbzip2_1-1.0.2-10.4.C21mdk.i586.rpm
 5470771fb2586bf4c28439d7923cbf60  corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.4.C21mdk.i586.rpm
 9215603a9dc985117ec1f5476fb0e05e  corporate/2.1/SRPMS/bzip2-1.0.2-10.4.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 ec9760c37823edd74fbe67e4f7467607  x86_64/corporate/2.1/RPMS/bzip2-1.0.2-10.4.C21mdk.x86_64.rpm
 709e7e4d97e553500c334d443a99289d  x86_64/corporate/2.1/RPMS/libbzip2_1-1.0.2-10.4.C21mdk.x86_64.rpm
 032616025d51bb2e2c0d957deb606016  x86_64/corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.4.C21mdk.x86_64.rpm
 9215603a9dc985117ec1f5476fb0e05e  x86_64/corporate/2.1/SRPMS/bzip2-1.0.2-10.4.C21mdk.src.rpm

 Corporate 3.0:
 abf848e7e0779c5df11a9f52a33c952e  corporate/3.0/RPMS/bzip2-1.0.2-17.4.C30mdk.i586.rpm
 ea41c2d1db6197763b8ae5602de69d47  corporate/3.0/RPMS/libbzip2_1-1.0.2-17.4.C30mdk.i586.rpm
 ae5a1944fc833de24f3d6845e815fb91  corporate/3.0/RPMS/libbzip2_1-devel-1.0.2-17.4.C30mdk.i586.rpm
 8f3a578903df91bcc206e20f51219063  corporate/3.0/SRPMS/bzip2-1.0.2-17.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 66856ec28ef826f1eeaca20fb71d1555  x86_64/corporate/3.0/RPMS/bzip2-1.0.2-17.4.C30mdk.x86_64.rpm
 9e46e6e8bc7eb84d74578339ab19dbd3  x86_64/corporate/3.0/RPMS/lib64bzip2_1-1.0.2-17.4.C30mdk.x86_64.rpm
 8a15e6bfcfcf7daee02a3c4770b85b25  x86_64/corporate/3.0/RPMS/lib64bzip2_1-devel-1.0.2-17.4.C30mdk.x86_64.rpm
 8f3a578903df91bcc206e20f51219063  x86_64/corporate/3.0/SRPMS/bzip2-1.0.2-17.4.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 99d1d85e93178ef63268c0127b22b0ab  mnf/2.0/RPMS/bzip2-1.0.2-17.4.M20mdk.i586.rpm
 624b0cca4f32689662f41862783ec701  mnf/2.0/RPMS/libbzip2_1-1.0.2-17.4.M20mdk.i586.rpm
 384d5f1755aac9bef93454c394a38ba0  mnf/2.0/RPMS/libbzip2_1-devel-1.0.2-17.4.M20mdk.i586.rpm
 2426bf6007f6ed217ccbab7304a7bae6  mnf/2.0/SRPMS/bzip2-1.0.2-17.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.