
[SECURITY] New versions of gzip available



We were told by Michal Zalewski that gzexe as shipped with gzip uses
an insecure method of decompressing executables on the fly, opening a
way of calling arbitrary programs.  Newer versions for bo and hamm
fix this.  We recommend that you upgrade your gzip package if you're
using the gzexe method.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 1.3.1 alias bo
-------------------------------

  Source archives:
    ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4-26.1.diff.gz
      MD5 checksum: d2954d118da06e4a0dc5f92890dc9fcc
    ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4-26.1.dsc
      MD5 checksum: 223bfd632a6d39334f50db5b5f5c0119
    ftp://ftp.debian.org/debian/bo/source/base/gzip_1.2.4.orig.tar.gz
      MD5 checksum: b94b3e07797e0cbf3622bb2fe5682f0b

  Intel architecture:
    ftp://ftp.debian.org/debian/bo/binary-i386/base/gzip_1.2.4-26.1.deb
      MD5 checksum: 1f7cb9c0f4c4377cc762e2a00575274d


Debian GNU/Linux pre2.0 alias hamm
----------------------------------

  Source archives:
    ftp://ftp.debian.org/debian/hamm/hamm/source/base/gzip_1.2.4-27.diff.gz
      MD5 checksum: 01e579067ea2555fcaf80c87e4cb837c
    ftp://ftp.debian.org/debian/hamm/hamm/source/base/gzip_1.2.4-27.dsc
      MD5 checksum: d944c76a8994d60c91ae7a59f0e4419c
    ftp://ftp.debian.org/debian/hamm/hamm/source/base/gzip_1.2.4.orig.tar.gz
      MD5 checksum: b94b3e07797e0cbf3622bb2fe5682f0b

  Alpha architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-alpha/base/gzip_1.2.4-27.deb
      MD5 checksum: 450cdf045e782ec563ac20ecf96da191

  Intel architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-i386/base/gzip_1.2.4-27.deb
      MD5 checksum: c172997abdc49c215358613016a9568a

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-m68k/base/gzip_1.2.4-27.deb
      MD5 checksum: ed7203870b6f7358f9bf1d3427ca5138

  PowerPC architecture:
    This architecture is considered experimental.  No fixed gzip
    package can be provided.  Use at your own risk.

  Sparc architecture:
    ftp://ftp.debian.org/debian/hamm/hamm/binary-sparc/base/gzip_1.2.4-27.deb
      MD5 checksum: 3183f4805ef2ed38009cf0ce3df4441d

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>
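
The following is an added example, not part of the original announcement: a POSIX shell check that parses URL / "MD5 checksum:" pairs in the layout of the listing above and compares them with files already downloaded, so that dpkg -i runs only on a match. The function names, the script name verify.sh and the saved-advisory file are assumptions; md5sum and awk are assumed to be installed.

```sh
#!/bin/sh
# Added example: verify downloads against an advisory's "MD5 checksum:" lines.
# Assumed layout (as in the listing above): a URL line, then its checksum line.

# parse_advisory FILE: print "<md5> <file name>" for each URL/checksum pair.
parse_advisory() {
    awk '
        /^[ \t]*(ftp|https?):\/\// { n = split($1, p, "/"); name = p[n]; next }
        /MD5 checksum:/ && name != "" { print tolower($NF), name; name = "" }
    ' "$1"
}

# verify_downloads ADVISORY DIR
# Status 0: every listed file found in DIR matches. 1: at least one mismatch.
# 2: nothing could be checked (no pairs parsed, or no listed file in DIR).
verify_downloads() {
    advisory=$1 dir=$2 checked=0 bad=0
    list=$(parse_advisory "$advisory") || return 2
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "not downloaded: $name"
            continue
        fi
        got=$(md5sum < "$dir/$name" | awk '{ print $1 }')
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$list
EOF
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}

# Usage: sh verify.sh advisory.txt /path/to/downloads && dpkg -i file.deb
if [ "$#" -eq 2 ]; then
    verify_downloads "$1" "$2"
fi
```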
