LinuxSecurity.com
Ubuntu: gzip vulnerabilities
Posted by Benjamin D. Thomas   
===========================================================
Ubuntu Security Notice USN-889-1           January 20, 2010
gzip vulnerabilities
CVE-2009-2624, CVE-2010-0001
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gzip                            1.3.5-12ubuntu0.3

Ubuntu 8.04 LTS:
  gzip                            1.3.12-3.2ubuntu0.1

Ubuntu 8.10:
  gzip                            1.3.12-6ubuntu2.8.10.1

Ubuntu 9.04:
  gzip                            1.3.12-6ubuntu2.9.04.1

Ubuntu 9.10:
  gzip                            1.3.12-8ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that gzip incorrectly handled certain malformed
compressed files. If a user or automated system were tricked into opening a
specially crafted gzip file, an attacker could cause gzip to crash or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-2624)

Aki Helin discovered that gzip incorrectly handled certain malformed
files compressed with the Lempel–Ziv–Welch (LZW) algorithm. If a user or
automated system were tricked into opening a specially crafted gzip file,
an attacker could cause gzip to crash or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0001)





