GZip ZNew Insecure Temporary File Creation Symbolic Link Vulnerability

GZip ZNew Insecure Temporary File Creation Symbolic Link Vulnerability

Solution:
Debian has made fixes available. See referenced advisory DSA-308-1 for additional details.

Gentoo Linux has released an advisory. Users who have installed sys-apps/gzip are advised to upgrade to gzip-1.3.3-r2 by issuing the following commands:

emerge sync
emerge gzip
emerge clean

SGI has released advisory 20040104-01-P to address this issue.
Patch 5424 will be released for IRIX versions later than 6.5.17.
Users should upgrade to one of these versions and then apply the
patch when it is available. Further details can be found in the
attached advisory.

Fixes have been made available:

GNU gzip 1.2.4 a

Mandrake gzip-1.2.4a-11.2mdk.i586.rpm
Mandrake Corporate Server 2.1.
http://www.mandrakesecure.net/en/ftp.php

Mandrake gzip-1.2.4a-11.2mdk.i586.rpm
Mandrake Linux 8.2.
http://www.mandrakesecure.net/en/ftp.php

Mandrake gzip-1.2.4a-11.2mdk.i586.rpm
Mandrake Linux 9.0.
http://www.mandrakesecure.net/en/ftp.php

Mandrake gzip-1.2.4a-11.2mdk.i586.rpm
Mandrake Linux 9.1.
http://www.mandrakesecure.net/en/ftp.php

Mandrake gzip-1.2.4a-11.2mdk.i586.rpm
Multi Network Firewall 8.2.
http://www.mandrakesecure.net/en/ftp.php

Mandrake gzip-1.2.4a-11.2mdk.ppc.rpm
Mandrake Linux 8.2/PPC.
http://www.mandrakesecure.net/en/ftp.php

Mandrake gzip-1.2.4a-11.2mdk.ppc.rpm
Mandrake Linux 9.1/PPC.
http://www.mandrakesecure.net/en/ftp.php

GNU gzip 1.2.4

Debian gzip_1.2.4-33.2_alpha.deb
Alpha
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_al pha.deb

Debian gzip_1.2.4-33.2_arm.deb
ARM
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_ar m.deb

Debian gzip_1.2.4-33.2_i386.deb
IA-32
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_i3 86.deb

Debian gzip_1.2.4-33.2_m68k.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_m6 8k.deb

Debian gzip_1.2.4-33.2_powerpc.deb
PowerPC
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_po werpc.deb

Debian gzip_1.2.4-33.2_sparc.deb
Sun Sparc
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_sp arc.deb

GNU gzip 1.3.2

Debian gzip_1.3.2-3woody1_alpha.deb
Alpha
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _alpha.deb

Debian gzip_1.3.2-3woody1_arm.deb
ARM
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _arm.deb

Debian gzip_1.3.2-3woody1_hppa.deb
HP
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _hppa.deb

Debian gzip_1.3.2-3woody1_i386.deb
IA-32
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _i386.deb

Debian gzip_1.3.2-3woody1_ia64.deb
IA-64
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _ia64.deb

Debian gzip_1.3.2-3woody1_m68k.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _m68k.deb

Debian gzip_1.3.2-3woody1_mips.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _mips.deb

Debian gzip_1.3.2-3woody1_mipsel.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _mipsel.deb

Debian gzip_1.3.2-3woody1_powerpc.deb
PowerPC
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _powerpc.deb

Debian gzip_1.3.2-3woody1_s390.deb
IBM S/390
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _s390.deb

Debian gzip_1.3.2-3woody1_sparc.deb
Sun Sparc
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1 _sparc.deb

OpenPKG gzip-1.3.3-1.1.1.src.rpm
ftp://ftp.openpkg.org/release/1.1/UPD/gzip-1.3.3-1.1.1.src.rpm

GNU gzip 1.3.5

OpenPKG gzip-1.3.5-1.2.1.src.rpm
ftp://ftp.openpkg.org/release/1.2/UPD/gzip-1.3.5-1.2.1.src.rpm