Ubuntu 6301 Published by

A new gzip vulnerabilities update is available for Ubuntu Linux. Here the announcement:



Ubuntu Security Notice USN-349-1 September 19, 2006
gzip vulnerabilities
CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337,
CVE-2006-4338
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
gzip 1.3.5-9ubuntu3.5

Ubuntu 5.10:
gzip 1.3.5-11ubuntu2.1

Ubuntu 6.06 LTS:
gzip 1.3.5-12ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that gzip did not sufficiently verify the
validity of gzip or compress archives while unpacking. By tricking an
user or automated system into unpacking a specially crafted compressed
file, this could be exploited to execute arbitrary code with the
user's privileges.


Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.=
5.diff.gz
Size/MD5: 61153 d63e10a794e5ea01f2accdbaf8bf3d80
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.=
5.dsc
Size/MD5: 570 24976fc238f8e6614cc28cd3d2a6ddca
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.=
gz
Size/MD5: 331550 3d6c191dfd2bf307014b421c12dc8469

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.=
5_amd64.deb
Size/MD5: 75848 209e5949f27077a5111a0e48e1814e28

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.=
5_i386.deb
Size/MD5: 70672 bb8ecf2656df00adb2f73d7c58bfae16

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.=
5_powerpc.deb
Size/MD5: 77502 866b75307a0c11bba729754014d37cf2

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2=
=2E1.diff.gz
Size/MD5: 61684 90455942d0fc30de77d0a7e03db7901d
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2=
=2E1.dsc
Size/MD5: 572 e6b726ade7eef11b0ec01a78709718ec
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.=
gz
Size/MD5: 331550 3d6c191dfd2bf307014b421c12dc8469

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2=
=2E1_amd64.deb
Size/MD5: 76842 5afca3802f6380462aa81df1b71e03e6

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2=
=2E1_i386.deb
Size/MD5: 71672 f84d912eb056ba6301d7972a1da6fbf0

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2=
=2E1_powerpc.deb
Size/MD5: 78620 83dbc2b0f7ea1be86bdfd384b0a1a42e

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-11ubuntu2=
=2E1_sparc.deb
Size/MD5: 75866 0390a63c0774ae2661fab737371044f8

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0=
=2E1.diff.gz
Size/MD5: 59646 2661380cbe7761cda97ca2282820a9be
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0=
=2E1.dsc
Size/MD5: 574 200363f2ab018cea40c61cf9c98c705c
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5.orig.tar.=
gz
Size/MD5: 331550 3d6c191dfd2bf307014b421c12dc8469

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0=
=2E1_amd64.deb
Size/MD5: 76470 5e9e2d325e742ce73c3c070e5d7856b3

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0=
=2E1_i386.deb
Size/MD5: 71224 4c232bcc8218250455ec4d89eabaa7ea

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0=
=2E1_powerpc.deb
Size/MD5: 78232 43b9c25f558df5037c5b798bd87a43ef

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-12ubuntu0=
=2E1_sparc.deb
Size/MD5: 74976 25095d566148ad95e3a7fd96c03f2122

--3Gf/FFewwPeBMqCJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFEBFpDecnbV4Fd/IRAlGZAKCWPFHwMM0NexP69dzf/JBmFxh0SwCcCIpW
AuMYjiSpQ88todS2DMjKlKc=
=EkBg
-----END PGP SIGNATURE-----