About Ubuntu

=========================================================== Ubuntu Security Notice USN-191-1 September 29, 2005 unzip vulnerability CAN-2005-2475 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: unzip The problem can be corrected by upgrading the affected package to version 5.51-2ubuntu0.2 (for Ubuntu 4.10), or 5.51-2ubuntu1.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user.