LinuxQuestions.org
Old 08-26-2003, 04:57 AM   #1
phoeniXflame
Member
 
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
Slackware Security Update: unzip vulnerability patched


I thought this might be helpful for everyone who isn't subscribed to the mailing lists ...

Quote:
[slackware-security] unzip vulnerability patched (SSA:2003-237-01)

Upgraded infozip packages are available for Slackware 9.0 and -current.
These fix a security issue where a specially crafted archive may
overwrite files (including system files anywhere on the filesystem)
upon extraction by a user with sufficient permissions.

For more information, see:

http://www.securityfocus.com/bid/7550
http://lwn.net/Articles/38540/
http://xforce.iss.net/xforce/xfdb/12004
http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0282


Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Mon Aug 25 15:35:28 PDT 2003
patches/packages/infozip-5.50-i486-2.tgz: Fixed a bug where a specially
crafted archive might try to write to ../ or ../../, etc, potentially
overwriting system files if the user (such as root) has permissions to
overwrite them. Thanks to jelmer for locating this problem, and
Ben Laurie for providing a patch.
(* Security fix *)
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackwar....50-i386-2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar....50-i486-2.tgz



MD5 SIGNATURES:
+-------------+

Slackware 9.0 package:
d262ae0564f475b39e2ccf20fe1dfc41 infozip-5.50-i386-2.tgz

Slackware -current package:
8c4b4fc48e145a71e962cd7f99be8a5b infozip-5.50-i486-2.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):
upgradepkg infozip-5.50-i386-2.tgz



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
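
The ChangeLog entry quoted above describes archive entries whose stored names contain `../` and so resolve outside the directory being extracted into. As an added example (not part of the original post, the Slackware advisory, or the Info-ZIP patch), this Python sketch lists a zip's entry names and flags any that would escape the target directory before anything is extracted; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

def unsafe_members(zip_bytes):
    """Return the entry names that would land outside the extraction directory."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Inspect the stored name as-is; archives may use either separator.
            name = info.filename.replace("\\", "/")
            # Absolute and drive-letter paths ignore the target directory.
            absolute = name.startswith("/") or (len(name) > 1 and name[1] == ":")
            # Collapse "a/../b" style segments, then check whether the result
            # still climbs above the extraction root.
            normalized = posixpath.normpath(name)
            climbs = normalized == ".." or normalized.startswith("../")
            if absolute or climbs:
                flagged.append(info.filename)
    return flagged

def build_sample():
    """Constructed sample archive: four small text entries, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("docs/readme.txt", "docs/../notes.txt",
                     "../outside.txt", "a/../../outside2.txt"):
            zf.writestr(name, "constructed sample data\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name in unsafe_members(build_sample()):
        print("refusing archive, entry escapes target directory:", name)
```

Note that `docs/../notes.txt` is not flagged: it contains `..` but still resolves inside the target directory, which is why the check normalizes the path instead of searching for the substring.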
 
Old 08-26-2003, 06:03 AM   #2
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
Thanks. But maybe these should all go in one thread so people who haven't seen the old ones can review them when it gets bumped and people who have can just keep up with the new posts?
 
Old 08-26-2003, 12:11 PM   #3
zsejk
Member
 
Registered: Apr 2003
Distribution: Slackware
Posts: 345
Blog Entries: 5

Rep: Reputation: 30
You mean something like http://www.slackware.com/security/li...curity&y=2003?



-zsejk
 
Old 08-26-2003, 12:20 PM   #4
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
Hm. Well, *kinda* like that. I suppose it's close enough.

I have to remember to hit *all* the links at that site and not just the mirrors and the book. Thanks.
 
Old 08-26-2003, 01:50 PM   #5
emilryge
LQ Newbie
 
Registered: Aug 2003
Location: Copenhagen, Denmark
Distribution: Slackware 10
Posts: 28

Rep: Reputation: 15
When was this sent out?
I signed up like a week ago (both lists) and still have not received a single mail.

- Emil
 
Old 08-26-2003, 01:52 PM   #6
emilryge
LQ Newbie
 
Registered: Aug 2003
Location: Copenhagen, Denmark
Distribution: Slackware 10
Posts: 28

Rep: Reputation: 15
When was this warning sent out?

I signed up for both Slackware mailing lists more than a week ago and still have not received a single mail...

- Emil
 
  


All times are GMT -5.