
Slackware 9.0 SSA-2003-237-01 Critical: Unzip Directory Attack

August 26, 2003
Slackware has issued an urgent advisory for an archive extraction vulnerability, addressed by updated infozip packages.
These fix a security issue where a specially crafted archive may overwrite files (including system files anywhere on the filesystem) upon extraction by a user with sufficient permiss...

Summary

Here are the details from the Slackware 9.0 ChangeLog:

Mon Aug 25 15:35:28 PDT 2003
patches/packages/infozip-5.50-i486-2.tgz: Fixed a bug where a specially crafted archive might try to write to ../ or ../../, etc, potentially overwriting system files if the user (such as root) has permissions to overwrite them. Thanks to jelmer for locating this problem, and Ben Laurie for providing a patch.
(* Security fix *)

WHERE TO FIND THE NEW PACKAGES:

Updated package for Slackware 9.0:

Updated package for Slackware -current:

MD5 SIGNATURES:

Slackware 9.0 package:
d262ae0564f475b39e2ccf20fe1dfc41 infozip-5.50-i386-2.tgz

Slackware -current package:
8c4b4fc48e145a71e962cd7f99be8a5b infozip-5.50-i486-2.tgz

INSTALLATION INSTRUCTIONS:

Upgrade using upgradepkg (as root):
upgradepkg infozip-5.50-i386-2.tgz

Slackware Linux Security Team
slackware security@slackware.com
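
The ../ traversal described in the ChangeLog entry can be checked for before an archive is extracted. The following is an added example, not part of the Slackware advisory or the infozip patch: it lists the members of a zip archive whose names would resolve outside the extraction directory. The function names, the destination path and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(zip_bytes, dest="/srv/unpack"):
    """Return member names that would land outside dest if extracted there.

    The check is purely lexical: nothing is written to disk.
    dest is an assumed extraction directory, not a path from the advisory.
    """
    root = posixpath.normpath(dest)
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators so "..\\x" is not missed.
            name = info.filename.replace("\\", "/")
            # join() discards root when name is absolute, and normpath()
            # collapses "..", so target is where the entry would be written.
            target = posixpath.normpath(posixpath.join(root, name))
            if target != root and not target.startswith(root + "/"):
                flagged.append(info.filename)
    return flagged


def build_sample():
    """Constructed test archive: two benign names, three that leave dest."""
    names = (
        "README",
        "docs/a/../b.txt",        # ".." that stays inside dest
        "../outside.txt",         # climbs one level above dest
        "x/../../../etc/motd",    # climbs above dest after a benign prefix
        "/etc/motd",              # absolute path
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_entries(build_sample()):
        print("would escape extraction directory:", name)
```

The check only inspects member names; it does not replace upgrading to the fixed infozip package.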

Severity: critical
