Debian: New unzip packages fix arbitrary code execution
Posted by Benjamin D. Thomas   
Debian Updated package.
--------------------------------------------------------------------------
Debian Security Advisory DSA 1012-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 21st, 2006                        http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : unzip
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-4667
CERT advisory  : 
BugTraq ID     : 15968
Debian Bug     : 349794.

A buffer overflow has been discovered in the command line argument
parsing of unzip, the de-archiver for ZIP files. It could lead to
the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 5.50-1woody6.

For the stable distribution (sarge) this problem has been fixed in
version 5.52-1sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 5.52-7.

We recommend that you upgrade your unzip package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.dsc
      Size/MD5 checksum:      571 cc14465fbe413ef3a7f5c5d9ffc117ce
    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.diff.gz
      Size/MD5 checksum:     7373 6964744843adce4de0913f5ff9a0e710
    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50.orig.tar.gz
      Size/MD5 checksum:  1068379 6d27bcdf9b51d0ad0f78161d0f99582e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_alpha.deb
      Size/MD5 checksum:   160670 5314de93efaf4eb391d151fc99b76385

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_arm.deb
      Size/MD5 checksum:   139532 52ce821cdbeb1055acf4000adcbecf10

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_i386.deb
      Size/MD5 checksum:   122950 783758b4c93d0be1c2aad7b2cf41a4a4

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_ia64.deb
      Size/MD5 checksum:   191146 90a66edf48109c217d9da2615a99e32a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_hppa.deb
      Size/MD5 checksum:   147126 4b49f39b4fe4142716df95c08f61a66b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_m68k.deb
      Size/MD5 checksum:   119684 51c36fc99310866c4158b4962f80354f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mips.deb
      Size/MD5 checksum:   143092 988785cbcb0ef2d656c82396b1a3d084

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mipsel.deb
      Size/MD5 checksum:   143534 6f4ee2d9bcadf4aef4dadaf16c270024

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_powerpc.deb
      Size/MD5 checksum:   136544 41839b724b2f0f5faee98bb410b92015

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_s390.deb
      Size/MD5 checksum:   137202 e55b19543ea9b5526daf45506e07a373

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_sparc.deb
      Size/MD5 checksum:   147670 9e0bcfaa072cf09b67b3af6361b6941c


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.dsc
      Size/MD5 checksum:      528 fa94e70012ca87d3c47a32cc1a5ee8d1
    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.diff.gz
      Size/MD5 checksum:     5970 d90c45ee99376216714a74619e9dd241
    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
      Size/MD5 checksum:  1140291 9d23919999d6eac9217d1f41472034a9

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_alpha.deb
      Size/MD5 checksum:   175568 2c937f3342f888c177d14b508c5bcfc2

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_amd64.deb
      Size/MD5 checksum:   154984 a4b1a683d280713aa81e19b2b2576894

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_arm.deb
      Size/MD5 checksum:   155496 ae1fe7b4d009fa7cfb838e86e53c3017

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_i386.deb
      Size/MD5 checksum:   145018 8e5def26db7c48b5c13374d8721c78f0

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_ia64.deb
      Size/MD5 checksum:   206712 72bccff65305290aeb40a548ee134b72

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_hppa.deb
      Size/MD5 checksum:   162914 4e946c0b5fbdb669f9b4dcc7b04dcffa

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_m68k.deb
      Size/MD5 checksum:   133792 5cb71bb725b0f0e12b14103ad31832d2

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mips.deb
      Size/MD5 checksum:   163458 c11e854b0131f93c9debf23b18e3e49a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mipsel.deb
      Size/MD5 checksum:   164040 049471a42b402971801375b6bc40825a

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_powerpc.deb
      Size/MD5 checksum:   157426 d717ec6573055c17931206906dc8b580

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_s390.deb
      Size/MD5 checksum:   156594 6e200ece0aa56e8c67958568e43ea33c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_sparc.deb
      Size/MD5 checksum:   155024 ebba4fa2a38e5be774a06288860a4757


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
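
An added example, not part of the Debian advisory: shell functions that parse the URL and "Size/MD5 checksum" pairs in the format listed above and check downloaded files against them before dpkg -i is run. The function names, the sample file and the example.org host are constructed for illustration; the listed values are only as trustworthy as the advisory text they are read from, which Debian distributes PGP-signed.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded packages against
# the "Size/MD5 checksum" lines of a DSA before running dpkg -i.

# Print "filename size md5" for each URL + checksum pair read from stdin.
parse_manifest() {
    awk '
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); name = p[n]; next }
        $1 == "Size/MD5" && $2 == "checksum:" && name != "" {
            print name, $3, $4; name = ""
        }'
}

# verify_file FILE SIZE MD5: succeed only if size and digest both match.
verify_file() {
    actual_size=$(wc -c < "$1" | tr -d ' ')
    actual_md5=$(md5sum "$1" | cut -d' ' -f1)
    if [ "$actual_size" = "$2" ] && [ "$actual_md5" = "$3" ]; then
        echo "OK       $1"
    else
        echo "MISMATCH $1 (do not install)"; return 1
    fi
}

# verify_dir ADVISORY DIR: check every listed file that exists in DIR.
# Fails if any file mismatches or if nothing listed was found at all.
verify_dir() {
    checked=0; bad=0
    while read -r name size md5; do
        [ -f "$2/$name" ] || continue
        checked=$((checked + 1))
        verify_file "$2/$name" "$size" "$md5" || bad=1
    done <<EOF
$(parse_manifest < "$1")
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: a 5-byte stand-in file and a matching advisory excerpt.
demo=$(mktemp -d)
printf 'hello' > "$demo/example_1.0-1_i386.deb"
cat > "$demo/advisory.txt" <<'EOF'
    http://security.example.org/pool/example_1.0-1_i386.deb
      Size/MD5 checksum:        5 5d41402abc4b2a76b9719d911017c592
EOF
verify_dir "$demo/advisory.txt" "$demo" && echo "all listed files match"
```

With a real advisory, save its text to a file and pass it with the download directory: verify_dir dsa-1012-1.txt . returns non-zero if any listed file present there fails the size or MD5 check.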
 