Ubuntu 889-1: gzip vulnerabilities

    Date20 Jan 2010
    CategoryUbuntu
    73
    Posted ByLinuxSecurity Advisories
    It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2624) [More...]
    ===========================================================
    Ubuntu Security Notice USN-889-1           January 20, 2010
    gzip vulnerabilities
    CVE-2009-2624, CVE-2010-0001
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    Ubuntu 9.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      gzip                            1.3.5-12ubuntu0.3
    
    Ubuntu 8.04 LTS:
      gzip                            1.3.12-3.2ubuntu0.1
    
    Ubuntu 8.10:
      gzip                            1.3.12-6ubuntu2.8.10.1
    
    Ubuntu 9.04:
      gzip                            1.3.12-6ubuntu2.9.04.1
    
    Ubuntu 9.10:
      gzip                            1.3.12-8ubuntu1.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that gzip incorrectly handled certain malformed
    compressed files. If a user or automated system were tricked into opening a
    specially crafted gzip file, an attacker could cause gzip to crash or
    possibly execute arbitrary code with the privileges of the user invoking
    the program. (CVE-2009-2624)
    
    Aki Helin discovered that gzip incorrectly handled certain malformed
    files compressed with the Lempel–Ziv–Welch (LZW) algorithm. If a user or
    automated system were tricked into opening a specially crafted gzip file,
    an attacker could cause gzip to crash or possibly execute arbitrary code
    with the privileges of the user invoking the program. (CVE-2010-0001)
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.3.diff.gz
          Size/MD5:    60450 f776594c89517aee5199d730262c631a
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.3.dsc
          Size/MD5:      580 57e2e736523ddca8eed471e37d95ba56
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.gz
          Size/MD5:   331550 3d6c191dfd2bf307014b421c12dc8469
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.3_amd64.deb
          Size/MD5:    76784 382af29edab6956cb7e22d9038e7a0c6
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.3_i386.deb
          Size/MD5:    71542 2dba95bc16563deca9cb2043716c0614
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.3_powerpc.deb
          Size/MD5:    78570 14fca9db29e847da26a96d1b7eacc987
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.3_sparc.deb
          Size/MD5:    75350 a32d045bff7a8b2eded7ca44a6c56a71
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-3.2ubuntu0.1.diff.gz
          Size/MD5:    21097 35ac77f9806cfaf89b44ad13f036ebb0
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-3.2ubuntu0.1.dsc
          Size/MD5:      690 26bb99c8353a1cea7817da3ac5b72936
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12.orig.tar.gz
          Size/MD5:   462169 b5bac2d21840ae077e0217bc5e4845b1
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-3.2ubuntu0.1_amd64.deb
          Size/MD5:   105556 39a705cdad01d749880b1cc6d128cdbc
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-3.2ubuntu0.1_i386.deb
          Size/MD5:   100940 e05abba2953254007df763fd017c99f7
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-3.2ubuntu0.1_lpia.deb
          Size/MD5:   101502 bf3de26dd23cd7514f0d5b224219ac08
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-3.2ubuntu0.1_powerpc.deb
          Size/MD5:   107674 aa414734d70182cfccd0ac02c8873ad2
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-3.2ubuntu0.1_sparc.deb
          Size/MD5:   104294 bb4276c79332aac1f83a49fdaa347374
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.8.10.1.diff.gz
          Size/MD5:    14889 2de284c09d34e03bcfa28cd23b4dc9bb
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.8.10.1.dsc
          Size/MD5:     1094 4849b332ad6c9985cce9055552586bc2
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12.orig.tar.gz
          Size/MD5:   462169 b5bac2d21840ae077e0217bc5e4845b1
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.8.10.1_amd64.deb
          Size/MD5:   106498 d9d201515bae0a02ba0b4aa624c1bdfd
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.8.10.1_i386.deb
          Size/MD5:   101904 4074fbe8d0b57b38718efca5e1d5b6ae
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.8.10.1_lpia.deb
          Size/MD5:   102400 02c4cfb84517e6919817c7c647cc4fb1
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.8.10.1_powerpc.deb
          Size/MD5:   108666 e1c040d3997a19719553d7696c66ce11
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.8.10.1_sparc.deb
          Size/MD5:   105492 22015ce9386f9efcc9e6747cf454bfbb
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.9.04.1.diff.gz
          Size/MD5:    14895 3490828be3af884992fc987b7c2f5b2b
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.9.04.1.dsc
          Size/MD5:     1094 64319e2f975a269dbed1022c6dfef3cf
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12.orig.tar.gz
          Size/MD5:   462169 b5bac2d21840ae077e0217bc5e4845b1
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.9.04.1_amd64.deb
          Size/MD5:   106504 4572428e480bab4e70f3e37c7000ec03
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.9.04.1_i386.deb
          Size/MD5:   101912 9ebe65aa9f52828d4dc119088f8b272f
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.9.04.1_lpia.deb
          Size/MD5:   102432 03d12cec2b884662ba1dec7aad3dcd70
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.9.04.1_powerpc.deb
          Size/MD5:   108672 4bf7e4175faf5ca41f66a8a039825b01
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-6ubuntu2.9.04.1_sparc.deb
          Size/MD5:   105472 c672bd50726018ee46973bfc7bf048dd
    
    Updated packages for Ubuntu 9.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-8ubuntu1.1.diff.gz
          Size/MD5:    15815 940f33cfc1386b5697b87cc1392e1bfd
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-8ubuntu1.1.dsc
          Size/MD5:     1116 c8a32b46e7f0a68ce00749d69ed1ecfa
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12.orig.tar.gz
          Size/MD5:   462169 b5bac2d21840ae077e0217bc5e4845b1
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-8ubuntu1.1_amd64.deb
          Size/MD5:   107018 ade7350ccb5f830e190d069386d47db1
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.12-8ubuntu1.1_i386.deb
          Size/MD5:   102242 ecd938e16f552d6b6cadfe319f87cb3f
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-8ubuntu1.1_lpia.deb
          Size/MD5:   102672 055afc8fe249dc1ea52459d23e886b2f
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-8ubuntu1.1_powerpc.deb
          Size/MD5:   108986 2ada6675566a5ef68ab42eb172de5a81
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/g/gzip/gzip_1.3.12-8ubuntu1.1_sparc.deb
          Size/MD5:   106090 e2e1abe98864d65a73a7302b922f97b1
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.