• info
• discussion
• exploit
• solution
• references

GNU gzexe Temporary File Vulnerability

Solution:
Debian has issued upgrades that will eliminate the vulnerability in Debian packages. See DSA-308-1 (in the reference section) for URLs.

SGI has released advisory 20040104-01-P to address this issue.
Patch 5424 will be released for IRIX versions later than 6.5.17.
Users should upgrade to one of these versions and then apply the
patch when it is available. Further details can be found in the
attached advisory.


GNU gzip 1.2.4

• Debian gzip_1.2.4-33.2_alpha.deb
  Alpha
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_al pha.deb


• Debian gzip_1.2.4-33.2_arm.deb
  ARM
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_ar m.deb


• Debian gzip_1.2.4-33.2_i386.deb
  IA-32
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_i3 86.deb


• Debian gzip_1.2.4-33.2_m68k.deb
  Motorola 680x0
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_m6 8k.deb


• Debian gzip_1.2.4-33.2_powerpc.deb
  PowerPC
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_po werpc.deb


• Debian gzip_1.2.4-33.2_sparc.deb
  Sun Sparc
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_sp arc.deb

GNU gzip 1.3.2

• Debian gzip_1.3.2-3woody1_alpha.deb
  Alpha
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _alpha.deb


• Debian gzip_1.3.2-3woody1_arm.deb
  ARM
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _arm.deb


• Debian gzip_1.3.2-3woody1_hppa.deb
  HP
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _hppa.deb


• Debian gzip_1.3.2-3woody1_i386.deb
  IA-32
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _i386.deb


• Debian gzip_1.3.2-3woody1_ia64.deb
  IA-64
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _ia64.deb


• Debian gzip_1.3.2-3woody1_m68k.deb
  Motorola 680x0
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _m68k.deb


• Debian gzip_1.3.2-3woody1_mips.deb
  Big endian MIPS
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _mips.deb


• Debian gzip_1.3.2-3woody1_mipsel.deb
  Little endian MIPS
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _mipsel.deb


• Debian gzip_1.3.2-3woody1_powerpc.deb
  PowerPC
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _powerpc.deb


• Debian gzip_1.3.2-3woody1_s390.deb
  IBM S/390
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _s390.deb


• Debian gzip_1.3.2-3woody1_sparc.deb
  Sun Sparc
  http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _sparc.deb