Debian: New unzip packages fix arbitrary code execution

    Date: 20 Mar 2006
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1012-1
    http://www.debian.org/security/                             Martin Schulze
    March 21st, 2006                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : unzip
    Vulnerability  : buffer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2005-4667
    CERT advisory  : 
    BugTraq ID     : 15968
    Debian Bug     : 349794.
    
    A buffer overflow in the command line argument parsing has been
    discovered in unzip, the de-archiver for ZIP files, that could lead to
    the execution of arbitrary code.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 5.50-1woody6.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 5.52-1sarge4.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 5.52-7.
    
    We recommend that you upgrade your unzip package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.dsc
          Size/MD5 checksum:      571 cc14465fbe413ef3a7f5c5d9ffc117ce
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.diff.gz
          Size/MD5 checksum:     7373 6964744843adce4de0913f5ff9a0e710
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50.orig.tar.gz
          Size/MD5 checksum:  1068379 6d27bcdf9b51d0ad0f78161d0f99582e
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_alpha.deb
          Size/MD5 checksum:   160670 5314de93efaf4eb391d151fc99b76385
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_arm.deb
          Size/MD5 checksum:   139532 52ce821cdbeb1055acf4000adcbecf10
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_i386.deb
          Size/MD5 checksum:   122950 783758b4c93d0be1c2aad7b2cf41a4a4
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_ia64.deb
          Size/MD5 checksum:   191146 90a66edf48109c217d9da2615a99e32a
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_hppa.deb
          Size/MD5 checksum:   147126 4b49f39b4fe4142716df95c08f61a66b
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_m68k.deb
          Size/MD5 checksum:   119684 51c36fc99310866c4158b4962f80354f
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mips.deb
          Size/MD5 checksum:   143092 988785cbcb0ef2d656c82396b1a3d084
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mipsel.deb
          Size/MD5 checksum:   143534 6f4ee2d9bcadf4aef4dadaf16c270024
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_powerpc.deb
          Size/MD5 checksum:   136544 41839b724b2f0f5faee98bb410b92015
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_s390.deb
          Size/MD5 checksum:   137202 e55b19543ea9b5526daf45506e07a373
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_sparc.deb
          Size/MD5 checksum:   147670 9e0bcfaa072cf09b67b3af6361b6941c
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.dsc
          Size/MD5 checksum:      528 fa94e70012ca87d3c47a32cc1a5ee8d1
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.diff.gz
          Size/MD5 checksum:     5970 d90c45ee99376216714a74619e9dd241
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
          Size/MD5 checksum:  1140291 9d23919999d6eac9217d1f41472034a9
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_alpha.deb
          Size/MD5 checksum:   175568 2c937f3342f888c177d14b508c5bcfc2
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_amd64.deb
          Size/MD5 checksum:   154984 a4b1a683d280713aa81e19b2b2576894
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_arm.deb
          Size/MD5 checksum:   155496 ae1fe7b4d009fa7cfb838e86e53c3017
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_i386.deb
          Size/MD5 checksum:   145018 8e5def26db7c48b5c13374d8721c78f0
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_ia64.deb
          Size/MD5 checksum:   206712 72bccff65305290aeb40a548ee134b72
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_hppa.deb
          Size/MD5 checksum:   162914 4e946c0b5fbdb669f9b4dcc7b04dcffa
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_m68k.deb
          Size/MD5 checksum:   133792 5cb71bb725b0f0e12b14103ad31832d2
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mips.deb
          Size/MD5 checksum:   163458 c11e854b0131f93c9debf23b18e3e49a
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mipsel.deb
          Size/MD5 checksum:   164040 049471a42b402971801375b6bc40825a
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_powerpc.deb
          Size/MD5 checksum:   157426 d717ec6573055c17931206906dc8b580
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_s390.deb
          Size/MD5 checksum:   156594 6e200ece0aa56e8c67958568e43ea33c
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_sparc.deb
          Size/MD5 checksum:   155024 ebba4fa2a38e5be774a06288860a4757
    
    
      These files will probably be moved into the stable distribution on
      its next update.
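
The manual wget / dpkg -i route in the upgrade instructions skips the archive verification apt-get performs, so a downloaded file should be checked against its "Size/MD5 checksum:" entry above before it is installed. The script below is an added example, not part of the advisory: the function names and the advisory.txt file name are assumptions, and the result is only as trustworthy as the copy of the advisory being parsed.

```shell
#!/bin/sh
# Added example (not part of the advisory): check a downloaded package
# against the advisory's "Size/MD5 checksum:" entry before dpkg -i.

# lookup_entry ADVISORY BASENAME
# Prints "SIZE MD5" for the URL ending in /BASENAME; returns 1 if unlisted.
lookup_entry() {
    awk -v name="$2" '
        found && /Size\/MD5 checksum:/ { print $(NF-1), $NF; ok = 1; exit }
        { found = 0 }
        $1 ~ /^(http|ftp):\/\// {
            n = split($1, parts, "/")
            if (parts[n] == name) found = 1
        }
        END { exit !ok }
    ' "$1"
}

# verify_download ADVISORY FILE
# Returns 0 on match, 1 on size or MD5 mismatch, 2 if FILE is not listed.
verify_download() {
    advisory=$1
    file=$2
    entry=$(lookup_entry "$advisory" "$(basename "$file")") || {
        echo "not listed in advisory: $file" >&2
        return 2
    }
    want_size=${entry% *}
    want_md5=${entry#* }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: $file ($have_size, expected $want_size)" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch: $file" >&2
        return 1
    fi
    echo "OK: $file"
}

# Typical use, with advisory.txt holding the saved advisory text:
#   verify_download advisory.txt unzip_5.52-1sarge4_i386.deb &&
#       dpkg -i unzip_5.52-1sarge4_i386.deb
```
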
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main