Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2006 > Two Mandriva Linux Security Advisories: 1. MDKSA-2006:026 - Updated bzip2 packages fix bzgrep vulnerabilities 2. MDKSA-2006:027 - Updated gzip packages fix zgrep vulnerabilities

January 2006

Two Mandriva Linux Security Advisories: 1. MDKSA-2006:026 - Updated bzip2 packages fix bzgrep vulnerabilities 2. MDKSA-2006:027 - Updated gzip packages fix zgrep vulnerabilities

ID: 00098
Ref: 97/2006
Date: 31 January 2006:14:20:03
Version: 1
Title: Two Mandriva Linux Security Advisories: 1. MDKSA-2006:026 - Updated bzip2 packages fix bzgrep vulnerabilities 2. MDKSA-2006:027 - Updated gzip packages fix zgrep vulnerabilities
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
Title
=====

Two Mandriva Linux Security Advisories:

1. MDKSA-2006:026 - Updated bzip2 packages fix bzgrep vulnerabilities

2. MDKSA-2006:027 - Updated gzip packages fix zgrep vulnerabilities

Detail
======

1. A bug was found in the way that bzgrep processed file names. If a
user could be tricked into running bzgrep on a file with a special
file name, it would be possible to execute arbitrary code with the
privileges of the user running bzgrep.

2. Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which
allows local users to execute arbitrary commands via filenames that are
injected into a sed script.


1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:026
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bzip2
Date : January 30, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A bug was found in the way that bzgrep processed file names. If a
user could be tricked into running bzgrep on a file with a special
file name, it would be possible to execute arbitrary code with the
privileges of the user running bzgrep.

As well, the bzip2 package provided with Mandriva Linux 2006 did not
the patch applied to correct CVE-2005-0953 which was previously fixed
by MDKSA-2005:091; those packages are now properly patched.

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
9ba66ec27bbf76ba782127e9d35b47cf 10.1/RPMS/bzip2-1.0.2-20.4.101mdk.i586.rpm
aa67aef5d33f2d63dbe1970b75feeb6c 10.1/RPMS/libbzip2_1-1.0.2-20.4.101mdk.i586.rpm
39ac11e51b9891bdbc781a5f57802532 10.1/RPMS/libbzip2_1-devel-1.0.2-20.4.101mdk.i586.rpm
7af647d2bd9ed2235ce9f48e45b88510 10.1/SRPMS/bzip2-1.0.2-20.4.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
c482a9d432f31f6ae2de7b2a68547b97 x86_64/10.1/RPMS/bzip2-1.0.2-20.4.101mdk.x86_64.rpm
e9ae19f83d4156ff00b64c3bb738094e x86_64/10.1/RPMS/lib64bzip2_1-1.0.2-20.4.101mdk.x86_64.rpm
464e89b49a8e8b50bf90c2591d0fe773 x86_64/10.1/RPMS/lib64bzip2_1-devel-1.0.2-20.4.101mdk.x86_64.rpm
7af647d2bd9ed2235ce9f48e45b88510 x86_64/10.1/SRPMS/bzip2-1.0.2-20.4.101mdk.src.rpm

Mandriva Linux 10.2:
7df4a217662f8c37e245eb93d93a371d 10.2/RPMS/bzip2-1.0.2-20.3.102mdk.i586.rpm
8f786bbbddacf81ccf78858566f4b61e 10.2/RPMS/libbzip2_1-1.0.2-20.3.102mdk.i586.rpm
560e3fcafd35a390acc92b3585c3e209 10.2/RPMS/libbzip2_1-devel-1.0.2-20.3.102mdk.i586.rpm
70536dcc4a48fd2c927533f5610e4c30 10.2/SRPMS/bzip2-1.0.2-20.3.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
fbb29ba214b192f71f93e1651e2859f6 x86_64/10.2/RPMS/bzip2-1.0.2-20.3.102mdk.x86_64.rpm
fad0d57ba24c7c2564a052621dabef6f x86_64/10.2/RPMS/lib64bzip2_1-1.0.2-20.3.102mdk.x86_64.rpm
e88392d200f33e476e43ff9d07576173 x86_64/10.2/RPMS/lib64bzip2_1-devel-1.0.2-20.3.102mdk.x86_64.rpm
70536dcc4a48fd2c927533f5610e4c30 x86_64/10.2/SRPMS/bzip2-1.0.2-20.3.102mdk.src.rpm

Mandriva Linux 2006.0:
4e0529ee4c44182a0595aafaa4cc5f07 2006.0/RPMS/bzip2-1.0.3-1.2.20060mdk.i586.rpm
bce98fe9a3066968923b0bd067908777 2006.0/RPMS/libbzip2_1-1.0.3-1.2.20060mdk.i586.rpm
cbed01da9b0111e3f47f59735ec16a09 2006.0/RPMS/libbzip2_1-devel-1.0.3-1.2.20060mdk.i586.rpm
d099cf8e4a81702f32efbd9afe92f208 2006.0/SRPMS/bzip2-1.0.3-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c2c65e542f1e9b34a801f578f3ce0920 x86_64/2006.0/RPMS/bzip2-1.0.3-1.2.20060mdk.x86_64.rpm
e401cf58458c72b0fa8de87352f81ecf x86_64/2006.0/RPMS/lib64bzip2_1-1.0.3-1.2.20060mdk.x86_64.rpm
920aa42c55fc7a97912433ca2c9f5adb x86_64/2006.0/RPMS/lib64bzip2_1-devel-1.0.3-1.2.20060mdk.x86_64.rpm
d099cf8e4a81702f32efbd9afe92f208 x86_64/2006.0/SRPMS/bzip2-1.0.3-1.2.20060mdk.src.rpm

Corporate Server 2.1:
521d044c36980ad67d31d235cf1290bf corporate/2.1/RPMS/bzip2-1.0.2-10.4.C21mdk.i586.rpm
dafdb66e984581813890aa05a9e597e3 corporate/2.1/RPMS/libbzip2_1-1.0.2-10.4.C21mdk.i586.rpm
5470771fb2586bf4c28439d7923cbf60 corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.4.C21mdk.i586.rpm
9215603a9dc985117ec1f5476fb0e05e corporate/2.1/SRPMS/bzip2-1.0.2-10.4.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
ec9760c37823edd74fbe67e4f7467607 x86_64/corporate/2.1/RPMS/bzip2-1.0.2-10.4.C21mdk.x86_64.rpm
709e7e4d97e553500c334d443a99289d x86_64/corporate/2.1/RPMS/libbzip2_1-1.0.2-10.4.C21mdk.x86_64.rpm
032616025d51bb2e2c0d957deb606016 x86_64/corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.4.C21mdk.x86_64.rpm
9215603a9dc985117ec1f5476fb0e05e x86_64/corporate/2.1/SRPMS/bzip2-1.0.2-10.4.C21mdk.src.rpm

Corporate 3.0:
abf848e7e0779c5df11a9f52a33c952e corporate/3.0/RPMS/bzip2-1.0.2-17.4.C30mdk.i586.rpm
ea41c2d1db6197763b8ae5602de69d47 corporate/3.0/RPMS/libbzip2_1-1.0.2-17.4.C30mdk.i586.rpm
ae5a1944fc833de24f3d6845e815fb91 corporate/3.0/RPMS/libbzip2_1-devel-1.0.2-17.4.C30mdk.i586.rpm
8f3a578903df91bcc206e20f51219063 corporate/3.0/SRPMS/bzip2-1.0.2-17.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
66856ec28ef826f1eeaca20fb71d1555 x86_64/corporate/3.0/RPMS/bzip2-1.0.2-17.4.C30mdk.x86_64.rpm
9e46e6e8bc7eb84d74578339ab19dbd3 x86_64/corporate/3.0/RPMS/lib64bzip2_1-1.0.2-17.4.C30mdk.x86_64.rpm
8a15e6bfcfcf7daee02a3c4770b85b25 x86_64/corporate/3.0/RPMS/lib64bzip2_1-devel-1.0.2-17.4.C30mdk.x86_64.rpm
8f3a578903df91bcc206e20f51219063 x86_64/corporate/3.0/SRPMS/bzip2-1.0.2-17.4.C30mdk.src.rpm

Multi Network Firewall 2.0:
99d1d85e93178ef63268c0127b22b0ab mnf/2.0/RPMS/bzip2-1.0.2-17.4.M20mdk.i586.rpm
624b0cca4f32689662f41862783ec701 mnf/2.0/RPMS/libbzip2_1-1.0.2-17.4.M20mdk.i586.rpm
384d5f1755aac9bef93454c394a38ba0 mnf/2.0/RPMS/libbzip2_1-devel-1.0.2-17.4.M20mdk.i586.rpm
2426bf6007f6ed217ccbab7304a7bae6 mnf/2.0/SRPMS/bzip2-1.0.2-17.4.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD3lTKmqjQ0CJFipgRAl0TAJ4iTuKEn2slaKq9iZd5U99g+QqcAQCfTIC0
+pEscLPNrpgeTXAmOMbfa0o=
=GxzI
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:027
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gzip
Date : January 30, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which
allows local users to execute arbitrary commands via filenames that are
injected into a sed script.

This was previously corrected in MDKSA-2005:092, however the fix was
incomplete. These updated packages provide a more comprehensive fix
to the problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
62937bbc65984b8f32a8817ca9d0a83a 10.1/RPMS/gzip-1.2.4a-13.3.101mdk.i586.rpm
03b66c3fff9a34edf0f714f773755d94 10.1/SRPMS/gzip-1.2.4a-13.3.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
fc3cc9dbcf1ca6b67f19a512ca555ed9 x86_64/10.1/RPMS/gzip-1.2.4a-13.3.101mdk.x86_64.rpm
03b66c3fff9a34edf0f714f773755d94 x86_64/10.1/SRPMS/gzip-1.2.4a-13.3.101mdk.src.rpm

Mandriva Linux 10.2:
431066b4062f9f23a09a137edb20b7b6 10.2/RPMS/gzip-1.2.4a-14.2.102mdk.i586.rpm
15e833f4126a3708773a7f055c24e21e 10.2/SRPMS/gzip-1.2.4a-14.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b18f7f611c82083e8e5605687165f1f3 x86_64/10.2/RPMS/gzip-1.2.4a-14.2.102mdk.x86_64.rpm
15e833f4126a3708773a7f055c24e21e x86_64/10.2/SRPMS/gzip-1.2.4a-14.2.102mdk.src.rpm

Mandriva Linux 2006.0:
9a496bbbe2e1a07096c7ac536fc2456c 2006.0/RPMS/gzip-1.2.4a-15.1.20060mdk.i586.rpm
da6e6cd98d8e37904c6e5140950367ac 2006.0/SRPMS/gzip-1.2.4a-15.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
e1e5bf8168bdd95291364b4078504df5 x86_64/2006.0/RPMS/gzip-1.2.4a-15.1.20060mdk.x86_64.rpm
da6e6cd98d8e37904c6e5140950367ac x86_64/2006.0/SRPMS/gzip-1.2.4a-15.1.20060mdk.src.rpm

Corporate Server 2.1:
3b8cb2a9448fc5411bd8e49bb7037ffe corporate/2.1/RPMS/gzip-1.2.4a-11.5.C21mdk.i586.rpm
3baf958e1a8159e1621f7d1694b24a24 corporate/2.1/SRPMS/gzip-1.2.4a-11.5.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
996b5e2b2b3f330fa9387e18e9f7d422 x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.5.C21mdk.x86_64.rpm
3baf958e1a8159e1621f7d1694b24a24 x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.5.C21mdk.src.rpm

Corporate 3.0:
8d5bbe00592a9830ce4ac5d2b120e867 corporate/3.0/RPMS/gzip-1.2.4a-13.3.C30mdk.i586.rpm
5baa56e8feb905c9fb48629344a88b02 corporate/3.0/SRPMS/gzip-1.2.4a-13.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
0fd942e8d92942d5cee224263a27db9c x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.3.C30mdk.x86_64.rpm
5baa56e8feb905c9fb48629344a88b02 x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
1c2352fc2445c452769181be3d4e85a1 mnf/2.0/RPMS/gzip-1.2.4a-13.3.M20mdk.i586.rpm
601229e6188ad8ee34ff12f1147c5381 mnf/2.0/SRPMS/gzip-1.2.4a-13.3.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD3m7VmqjQ0CJFipgRAnTjAKDIGu/3EQKMJzmpu1MkNfbvyJtXmQCgkh7N
dirCY+O0YQ9SxxpcvSeOQ4c=
=pYlB
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |