CAN-2004-0970: The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
We use an unpatched zdiff that looks vulnerable:
---------------snip----------------
gzip -cdfq "$2" > /tmp/"$F".$$ || exit
---------------snip----------------
However there doesn't seem to be any patches out there for that one... Maybe lewk could find one?
Created attachment 42521: zdiff.in-tempfile.patch
Patch to fix tempfile vulnerabilities in zdiff.
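Added example, not part of the thread and not the attached patch (its contents are not shown on this page): the predictable temp-file pattern from the quoted zdiff line next to a mktemp-based form, with a check that a symlink sitting at the predictable name does not lead to its target being overwritten. The function names and the scratch-directory layout are hypothetical, and mktemp(1) is assumed to be installed.

```shell
#!/bin/sh
# Added example, not the attached patch. Function names are hypothetical.
# Everything runs inside a private scratch directory.

# Pattern from the quoted zdiff line: the name is built from the input file
# name and the PID, and '>' follows a symlink that already sits at that path.
write_predictable() {   # $1 = temp dir, $2 = base name, $3 = data
    printf '%s\n' "$3" > "$1/$2.$$" || return 1
}

# Hardened form (assumption: mktemp(1) is installed). mktemp creates the file
# exclusively under a random name, so a pre-existing path is never reused.
write_mktemp() {        # $1 = temp dir, $2 = base name, $3 = data
    tmp=$(mktemp "$1/$2.XXXXXX") || return 1
    printf '%s\n' "$3" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$tmp"
}

# Regression check: put a symlink at the predictable name, run the writer
# named in $1, and succeed only if the link target is unchanged afterwards.
target_survives() {
    sandbox=$(mktemp -d) || return 2
    printf 'original\n' > "$sandbox/target"
    mkdir "$sandbox/tmp"
    ln -s "$sandbox/target" "$sandbox/tmp/F.$$"
    "$1" "$sandbox/tmp" F 'scratch data' > /dev/null
    content=$(cat "$sandbox/target")
    rm -rf "$sandbox"
    [ "$content" = original ]
}

for writer in write_predictable write_mktemp; do
    if target_survives "$writer"; then
        echo "$writer: link target intact"
    else
        echo "$writer: link target overwritten"
    fi
done
```

The same check can be pointed at any script that writes scratch files, by wrapping its temp-file step in a function with the same three arguments.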
base-system, please verify and apply patch.
Patch looks good to me...
Old - gzip-1.3.5-r1
KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ~ia64 ~ppc64 ~s390"
New - gzip-1.3.5-r2
KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~ppc64 ~s390"
ppc64/ia64/s390 still have 1.3.3-r4 stable.
The changes are so minor that I would think the arches would prefer to have this go right into its stable if it was stable on 1.3.5-r1. But for GLSAs and tools it's always best to rev bump. Arch maintainers, in the future what do you prefer when the changes are so tiny and don't affect the object code?
1) That you always be the one to do it.
2) That other I/we use our best judgement and save you a few mails & cpu cycles.
Oh, arch-maintainers, please test and mark gzip-1.3.5-r2 as stable.
sparc tasty.
stable on amd64.
Tested and marked stable on ppc
Stable on alpha.
Stable on mips.
stable on x86
Only zdiff is affected, so it's a B3 : security, please vote on GLSA need.
arm/hppa/ia64/s390 stable
zdiff is fairly obscure...I'll go with no on this one.
Closing without GLSA.
stable on ppc64