Date: 21 January 2010
References: ESB-2010.0062 ESB-2010.0641
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.0064
New gzip packages fix arbitrary code execution
21 January 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gzip
Publisher: Debian
Operating System: Debian GNU/Linux 5
Debian GNU/Linux 4
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2010-0001 CVE-2009-2624 CVE-2006-4334
Reference: ESB-2010.0062
Original Bulletin:
http://www.debian.org/security/2009/dsa-1974
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1974-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
January 20, 2010 http://www.debian.org/security/faq
- - ------------------------------------------------------------------------
Package : gzip
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-2624 CVE-2010-0001
Debian Bug : 507263
Several vulnerabilities have been found in gzip, the GNU compression
utilities. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-2624
Thiemo Nagel discovered a missing input sanitation flaw in the way gzip
used to decompress data blocks for dynamic Huffman codes, which could
lead to the execution of arbitrary code when trying to decompress a
crafted archive. This issue is a reappearance of CVE-2006-4334 and only
affects the lenny version.
CVE-2010-0001
Aki Helin discovered an integer underflow when decompressing files that
are compressed using the LZW algorithm. This could lead to the execution
of arbitrary code when trying to decompress a crafted LZW compressed
gzip archive.
For the stable distribution (lenny), these problems have been fixed in
version 1.3.12-6+lenny1.
For the oldstable distribution (etch), these problems have been fixed in
version 1.3.5-15+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.
We recommend that you upgrade your gzip packages.
Upgrade instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- - -------------------------------
Debian (oldstable)
- - ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1.dsc
Size/MD5 checksum: 573 4a4c81d72ed695f7e0b710fa7da00201
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1.diff.gz
Size/MD5 checksum: 62547 34c6cab73195a3b9e2b187636cf69dc2
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5.orig.tar.gz
Size/MD5 checksum: 331550 3d6c191dfd2bf307014b421c12dc8469
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_alpha.deb
Size/MD5 checksum: 84202 2677656b86d648a05b54ba0c03028eb1
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_amd64.deb
Size/MD5 checksum: 76988 86e571b7bf22e4924c5d7f82306ab064
arm architecture (ARM)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_arm.deb
Size/MD5 checksum: 79428 7e71e302f090a62f52b7f6f5d35b627b
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_hppa.deb
Size/MD5 checksum: 81616 02d1712f3f62de9f05810cd3a1660d77
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_i386.deb
Size/MD5 checksum: 74324 ac441b57b7423d65985acaef2e40df9f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_ia64.deb
Size/MD5 checksum: 96216 89b544a5f93d7607e1608d7856fa70e8
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_mipsel.deb
Size/MD5 checksum: 82266 ff332d05f508dad0d3067dd713bee839
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_powerpc.deb
Size/MD5 checksum: 79722 1e117918ab793443c9da0af6f137e7a7
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_s390.deb
Size/MD5 checksum: 80602 4c5accebc99f8b263cef9500a94ae2ca
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_sparc.deb
Size/MD5 checksum: 77262 f440c798c3fe592896286047b643116d
Debian GNU/Linux 5.0 alias lenny
- - --------------------------------
Debian (stable)
- - ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1.diff.gz
Size/MD5 checksum: 14580 7dac4e2e855b89ec335605722da16bd0
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12.orig.tar.gz
Size/MD5 checksum: 462169 b5bac2d21840ae077e0217bc5e4845b1
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1.dsc
Size/MD5 checksum: 1024 40c1d638034b3c9be692af4057a9499c
Architecture independent packages:
http://security.debian.org/pool/updates/main/g/gzip/gzip-win32_1.3.12-6+lenny1_all.deb
Size/MD5 checksum: 68438 858f1373aa128793538f5e5f6e283e24
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_alpha.deb
Size/MD5 checksum: 112736 2afbb523626d0793acf7e1cb4be21938
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_amd64.deb
Size/MD5 checksum: 106024 68119c7d80f94457b2f241cb90bd3aee
arm architecture (ARM)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_arm.deb
Size/MD5 checksum: 108462 b8daebe8a54750428f6028612297e76b
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_armel.deb
Size/MD5 checksum: 106906 14e79925acc936699aaa8ccee0b6d04d
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_hppa.deb
Size/MD5 checksum: 111448 7e94ea327492912e21b360e45ab324d5
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_i386.deb
Size/MD5 checksum: 102866 4cef436339090cd800efb7e6bb92b14b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_ia64.deb
Size/MD5 checksum: 123250 c38a5a05f04fa731340c254028d240c3
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_mipsel.deb
Size/MD5 checksum: 109266 5e17c751ddc3a65085f005dddcf6426c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_powerpc.deb
Size/MD5 checksum: 109502 3ae2e1dfc3b13d0ed4574103aca3904d
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_s390.deb
Size/MD5 checksum: 108896 e7b03509583f7cbed875359a2595a3a0
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_sparc.deb
Size/MD5 checksum: 106462 f166981469f7fd047ceabe5f26832638
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktXD9UACgkQ62zWxYk/rQfK4gCfdsWVkE9gjfjgkFDr7zrEPbo3
t40An1bK+hGYG7WbE0bi2D4kGJYgI/rD
=LSoS
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFLV4ZvNVH5XJJInbgRAsf9AKCDrhYqX2oDQTvJdduGCzU1qNpphwCfbZY3
XSnxiJglB4PXlWrbHSPaVbk=
=iNDh
-----END PGP SIGNATURE-----
|