aru Posted January 30, 2006 Report Share Posted January 30, 2006 Mandriva Advisories MDKSA-2006:027 : gzip Updated gzip packages fix zgrep vulnerabilities January 30th, 2006 Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. This was previously corrected in MDKSA-2005:092, however the fix was incomplete.These updated packages provide a more comprehensive fix to the problem. The released versions of Mandriva GNU/Linux affected are: 10.1 CS2.1 CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:027 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts