Re: Fedora Legacy Test Update Notification: gzip
- From: Pekka Savola <pekkas netcore fi>
- To: Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
- Subject: Re: Fedora Legacy Test Update Notification: gzip
- Date: Tue, 7 Nov 2006 20:20:42 +0200 (EET)
On Mon, 6 Nov 2006, David Eisenstein wrote:
> Tavis Ormandy of the Google Security Team discovered two denial of service
> flaws in the way gzip expanded archive files. If a victim expanded a
> specially crafted archive, it could cause the gzip executable to hang or
> crash. (CVE-2006-4334, CVE-2006-4338)
>
> Tavis Ormandy of the Google Security Team discovered several code execution
> flaws in the way gzip expanded archive files. If a victim expanded a
> specially crafted archive, it could cause the gzip executable to crash or
> execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)
Those interested in RHL73 may take a look at
http://staff.csc.fi/psavola/fl/. It includes RPMs which fix this for
RHL73, as well as a couple of other RPMs fixing the most significant
latest issues (e.g., the recently published PHP issue).
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings