-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2772
                          zutils security update
                             18 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           zutils
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1000637  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running zutils check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : zutils
Version        : 1.3-4+deb8u1
CVE ID         : CVE-2018-1000637
Debian Bug     : 902936


zutils versions prior to version 1.8-pre2 contain a buffer
overflow vulnerability in zcat which happened with some
input files when the '-v, --show-nonprinting' option was
used (or indirectly enabled). This can result in potential
denial of service or arbitrary code execution. This attack
appears to be exploitable via the victim opening a crafted
compressed file and has been fixed in 1.8-pre2.

For Debian 8 "Jessie", this problem has been fixed in
version 1.3-4+deb8u1.

We recommend that you upgrade your zutils packages.

Further information about Debian LTS security advisories,
how to apply these updates to your system and frequently
asked questions can be found at: https://wiki.debian.org/LTS

Regards,
Daniel

- --------------------------END INCLUDED TEXT--------------------
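
Added example (not part of the Debian advisory or the AusCERT bulletin): a Python check of installed zutils package versions against the Jessie fix version 1.3-4+deb8u1 quoted above, following Debian's version ordering. The host names and inventory are constructed, and the comparison is only meaningful for Debian 8 package versions, since a higher-sorting version from another release is not necessarily built from the fixed upstream 1.8-pre2.

```python
import re
import string

# Fixed package version for Debian 8 "Jessie", taken from the advisory.
FIXED_JESSIE = "1.3-4+deb8u1"

def _order(ch):
    """dpkg character weight: '~' sorts before everything, letters before symbols."""
    if ch == "~":
        return -1
    return ord(ch) if ch in string.ascii_letters else ord(ch) + 256

def _part_key(part):
    """Key for an upstream or revision string: alternating text and number runs."""
    runs = [r for r in re.findall(r"(\D*)(\d*)", part) if r != ("", "")]
    runs.append(("", ""))  # explicit end marker; end of string weighs 0
    return tuple((tuple(map(_order, text)) + (0,), int(num or 0))
                 for text, num in runs)

def version_key(version):
    """Sort key following Debian's epoch:upstream-revision ordering."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # no revision present, which Debian treats as revision "0"
        upstream, revision = rest, "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_patched(installed):
    """True if a Jessie zutils package version is at or above the fixed one."""
    return version_key(installed) >= version_key(FIXED_JESSIE)

def hosts_needing_upgrade(inventory):
    """Return the hosts whose zutils version predates the fix, sorted by name."""
    return sorted(h for h, v in inventory.items() if not is_patched(v))

# Constructed sample inventory (hypothetical host names), e.g. collected with
#   dpkg-query -W -f='${Version}' zutils
SAMPLE = {
    "build01": "1.3-4",
    "mail02": "1.3-4+deb8u1",
    "web03": "1.3-4~bpo8+1",
    "db04": "1.3-4+deb8u2",
}

if __name__ == "__main__":
    print(hosts_needing_upgrade(SAMPLE))
```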

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================