Linux Security
    Linux Security
    Linux Security

    Ubuntu: gzip vulnerabilities

    Date 16 Oct 2006
    3035
    Posted By LinuxSecurity Advisories
    Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking. By tricking an user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user's privileges.
    =========================================================== 
    Ubuntu Security Notice USN-349-1         September 19, 2006
    gzip vulnerabilities
    CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337,
    CVE-2006-4338
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 5.04
    Ubuntu 5.10
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 5.04:
      gzip                                     1.3.5-9ubuntu3.5
    
    Ubuntu 5.10:
      gzip                                     1.3.5-11ubuntu2.1
    
    Ubuntu 6.06 LTS:
      gzip                                     1.3.5-12ubuntu0.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Tavis Ormandy discovered that gzip did not sufficiently verify the
    validity of gzip or compress archives while unpacking. By tricking an
    user or automated system into unpacking a specially crafted compressed
    file, this could be exploited to execute arbitrary code with the
    user's privileges.
    
    
    Updated packages for Ubuntu 5.04:
    
      Source archives:
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5.diff.gz
          Size/MD5:    61153 d63e10a794e5ea01f2accdbaf8bf3d80
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5.dsc
          Size/MD5:      570 24976fc238f8e6614cc28cd3d2a6ddca
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.gz
          Size/MD5:   331550 3d6c191dfd2bf307014b421c12dc8469
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5_amd64.deb
          Size/MD5:    75848 209e5949f27077a5111a0e48e1814e28
    
      i386 architecture (x86 compatible Intel/AMD)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5_i386.deb
          Size/MD5:    70672 bb8ecf2656df00adb2f73d7c58bfae16
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.5_powerpc.deb
          Size/MD5:    77502 866b75307a0c11bba729754014d37cf2
    
    Updated packages for Ubuntu 5.10:
    
      Source archives:
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1.diff.gz
          Size/MD5:    61684 90455942d0fc30de77d0a7e03db7901d
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1.dsc
          Size/MD5:      572 e6b726ade7eef11b0ec01a78709718ec
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.gz
          Size/MD5:   331550 3d6c191dfd2bf307014b421c12dc8469
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_amd64.deb
          Size/MD5:    76842 5afca3802f6380462aa81df1b71e03e6
    
      i386 architecture (x86 compatible Intel/AMD)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_i386.deb
          Size/MD5:    71672 f84d912eb056ba6301d7972a1da6fbf0
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_powerpc.deb
          Size/MD5:    78620 83dbc2b0f7ea1be86bdfd384b0a1a42e
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2.1_sparc.deb
          Size/MD5:    75866 0390a63c0774ae2661fab737371044f8
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1.diff.gz
          Size/MD5:    59646 2661380cbe7761cda97ca2282820a9be
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1.dsc
          Size/MD5:      574 200363f2ab018cea40c61cf9c98c705c
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.gz
          Size/MD5:   331550 3d6c191dfd2bf307014b421c12dc8469
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_amd64.deb
          Size/MD5:    76470 5e9e2d325e742ce73c3c070e5d7856b3
    
      i386 architecture (x86 compatible Intel/AMD)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_i386.deb
          Size/MD5:    71224 4c232bcc8218250455ec4d89eabaa7ea
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_powerpc.deb
          Size/MD5:    78232 43b9c25f558df5037c5b798bd87a43ef
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        https://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0.1_sparc.deb
          Size/MD5:    74976 25095d566148ad95e3a7fd96c03f2122
    
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.