TITLE: Mandriva update for unzip SECUNIA ADVISORY ID: SA17342 VERIFY ADVISORY: http://secunia.com/advisories/17342/ CRITICAL: Not critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Mandrake Corporate Server 2.x http://secunia.com/product/1222/ Mandrakelinux 10.1 http://secunia.com/product/4198/ DESCRIPTION: Mandriva has issued an update for unzip. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. For more information: SA16309 An error in which unzip does not warn the user when extracting setuid or setgid files has also been fixed. SOLUTION: Apply updated packages. Mandriva Linux 10.1: cb3280ad8d82e7f7108ed7a5336217ea 10.1/RPMS/unzip-5.51-1.2.101mdk.i586.rpm 0ec9c5f7200a6bc97429408d49f26252 10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm Mandriva Linux 10.1/X86_64: 67cb90cf939bd25c74deba5e45d6dbb8 x86_64/10.1/RPMS/unzip-5.51-1.2.101mdk.x86_64.rpm 0ec9c5f7200a6bc97429408d49f26252 x86_64/10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm Corporate Server 2.1: 7588a2f5d443685a928d3c3feb547aba corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.i586.rpm 7d3e7ef187a36a39b3427d0d38959189 corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm Corporate Server 2.1/X86_64: 79aa9befeb7ed8de2220afc3fb3d1886 x86_64/corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.x86_64.rpm 7d3e7ef187a36a39b3427d0d38959189 x86_64/corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm ORIGINAL ADVISORY: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:197 OTHER REFERENCES: SA16309: http://secunia.com/advisories/16309/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------