<<< Date Index >>>     <<< Thread Index >>>

[USN-248-1] unzip vulnerability



===========================================================
Ubuntu Security Notice USN-248-1          February 13, 2006
unzip vulnerability
CVE-2005-4667
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

unzip

The problem can be corrected by upgrading the affected package to
version 5.51-2ubuntu0.3 (for Ubuntu 4.10), 5.51-2ubuntu1.3 (for Ubuntu
5.04), or 5.52-3ubuntu2.1 (for Ubuntu 5.10).  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the handling of file name
arguments. By tricking a user or automated system into processing a
specially crafted, excessively long file name with unzip, an attacker
could exploit this to execute arbitrary code with the user's
privileges.


Updated packages for Ubuntu 4.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3.diff.gz
      Size/MD5:     6433 bd8da93f936f5ac234e5327c59bf8758
    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3.dsc
      Size/MD5:      534 db487b07f655377436bc72be8431351a
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_amd64.deb
      Size/MD5:   148742 3af9fe5de336b8a59b19d2eadb892888

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_i386.deb
      Size/MD5:   135516 c334934daf9a7e49f064ef17e884f106

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.3_powerpc.deb
      Size/MD5:   149480 d5d41b65e3da33976e137bd22a85e2e5

Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3.diff.gz
      Size/MD5:     7253 443470aef5d23f7290151222116fa81d
    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3.dsc
      Size/MD5:      534 2618e86f3a4d42382c0add1ae2f978f5
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_amd64.deb
      Size/MD5:   148844 b30b12cd03aa4cedcc0ab83d387e2466

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_i386.deb
      Size/MD5:   136232 72feb619b0290ba9056cf24f9b467ec0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.3_powerpc.deb
      Size/MD5:   150924 3985b6ad992bd5a4dfd9aef941d83d8b

Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1.diff.gz
      Size/MD5:     9670 76fa4142b93fd08f8fa4861533846d90
    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1.dsc
      Size/MD5:      534 4afc9cba0b40ff5fcb5eef8442ac7da2
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52.orig.tar.gz
      Size/MD5:  1140291 9d23919999d6eac9217d1f41472034a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_amd64.deb
      Size/MD5:   160486 6619e42ad67d9e53a50a93cb33073829

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_i386.deb
      Size/MD5:   147208 58a818487eb9b617a3e8f278246528b7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.1_powerpc.deb
      Size/MD5:   161976 d71ed8a8078bbf56bd87d16564fc5197

Attachment: signature.asc
Description: Digital signature