-   Slackware (
-   -   Slackware Security Update: unzip vulnerability patched (

phoeniXflame 08-26-2003 04:57 AM

Slackware Security Update: unzip vulnerability patched
I thought this might be helpful for everyone who isnt subscribed to the mailing lists ...


[slackware-security] unzip vulnerability patched (SSA:2003-237-01)

Upgraded infozip packages are available for Slackware 9.0 and -current.
These fix a security issue where a specially crafted archive may
overwrite files (including system files anywhere on the filesystem)
upon extraction by a user with sufficient permissions.

For more information, see:

Here are the details from the Slackware 9.0 ChangeLog:
Mon Aug 25 15:35:28 PDT 2003
patches/packages/infozip-5.50-i486-2.tgz: Fixed a bug where a specially
crafted archive might try to write to ../ or ../../, etc, potentially
overwriting system files if the user (such as root) has permissions to
overwrite them. Thanks to jelmer for locating this problem, and
Ben Laurie for providing a patch.
(* Security fix *)


Updated package for Slackware 9.0:

Updated package for Slackware -current:


Slackware 9.0 package:
d262ae0564f475b39e2ccf20fe1dfc41 infozip-5.50-i386-2.tgz

Slackware -current package:
8c4b4fc48e145a71e962cd7f99be8a5b infozip-5.50-i486-2.tgz


Upgrade using upgradepkg (as root):
upgradepkg infozip-5.50-i386-2.tgz


Slackware Linux Security Team

slakmagik 08-26-2003 06:03 AM

Thanks. But maybe these should all go in one thread so people who haven't seen the old ones can review them when it gets bumped and people who have can just keep up with the new posts?

zsejk 08-26-2003 12:11 PM

You mean something like



slakmagik 08-26-2003 12:20 PM

Hm. Well, *kinda* like that. I suppose it's close enough. ;)

I have to remember to hit *all* the links at that site and not just the mirrors and the book. :) Thanks.

emilryge 08-26-2003 01:50 PM

When was this send out?
I signed up like a week ago (both lists) and still have not recieved a single mail.

- Emil

emilryge 08-26-2003 01:52 PM

When was this warning send out?

I signed up for both slackware mailing list more than a week ago and still have not recieved a single mail...

- Emil

All times are GMT -5. The time now is 10:58 AM.