Linux Security

    Debian: unzip fix unauthorised permissions modification DSA-903-1

    Date 21 Nov 2005
    Posted By Joe Shakespeare
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 903-1
    https://www.debian.org/security/                             Martin Schulze
    November 21st, 2005                     https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : unzip
    Vulnerability  : race condition
    Problem type   : local
    Debian-specific: no
    CVE ID         : CAN-2005-2475
    BugTraq ID     : 14450
    Debian Bug     : 321927
    
    Imran Ghory discovered a race condition in the permissions setting
    code in unzip.  When decompressing a file in a directory an attacker
    has access to, unzip could be tricked into setting the file
    permissions on a different file the user has permissions to.
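
The class of bug described above, as an added C sketch that is not unzip's code and not part of the advisory: it contrasts applying the mode by file name after the file is closed with applying it to the still-open descriptor. It assumes the race is of the close-then-chmod-by-name kind; the function names, the temp-directory layout and the `repoint` stand-in for the other local user are hypothetical.

```c
/* Added illustration, not unzip's source; every name here is hypothetical. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for another local user: re-point the output NAME at a second file. */
static void repoint(const char *out, const char *other) {
    if (unlink(out) != 0 || link(other, out) != 0) perror("repoint");
}

/* Racy shape: the mode is applied by NAME after close(), so it lands on
 * whatever inode the name refers to at that moment. */
static int finish_by_path(int fd, const char *out, const char *other, mode_t m) {
    close(fd);
    repoint(out, other);          /* the window between close() and chmod() */
    return chmod(out, m);
}

/* Hardened shape: the mode is applied to the still-open descriptor, which
 * stays bound to the inode that was created whatever happens to the name. */
static int finish_by_fd(int fd, const char *out, const char *other, mode_t m) {
    repoint(out, other);          /* same interference, different outcome */
    int rc = fchmod(fd, m);
    close(fd);
    return rc;
}

/* One run in a fresh temp dir; returns the final permission bits of the
 * second file (created 0600), or -1 on failure. */
int other_file_mode_after(int use_fd) {
    char dir[] = "/tmp/dsa903-XXXXXX", out[64], other[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(out, sizeof out, "%s/extracted", dir);
    snprintf(other, sizeof other, "%s/private", dir);
    int pfd = open(other, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (pfd < 0 || fd < 0 || fchmod(pfd, 0600) != 0 || close(pfd) != 0) return -1;
    int rc = (use_fd ? finish_by_fd : finish_by_path)(fd, out, other, 0644);
    int mode = (rc == 0 && stat(other, &st) == 0) ? (int)(st.st_mode & 07777) : -1;
    unlink(out); unlink(other); rmdir(dir);
    return mode;
}

int main(void) {
    printf("by path: %o  by fd: %o\n", other_file_mode_after(0), other_file_mode_after(1));
}
```

With the name-based variant the second file ends up with mode 0644; with the descriptor-based variant it keeps 0600.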
    
    For the old stable distribution (woody) this problem has been fixed in
    version 5.50-1woody4.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 5.52-1sarge2.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 5.52-4.
    
    We recommend that you upgrade your unzip package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    
      The updated package files will probably be moved into the stable
      distribution on its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main