
[RHSA-2006:0667-01] Moderate: gzip security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gzip security update
Advisory ID:       RHSA-2006:0667-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0667.html
Issue date:        2006-09-19
Updated on:        2006-09-19
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 
                   CVE-2006-4337 CVE-2006-4338 
- ---------------------------------------------------------------------

1. Summary:

Updated gzip packages that fix several security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

204676 - CVE-2006-4334 gzip multiple issues (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gzip-1.3-19.rhel2.src.rpm
ad45a2b7d359191e2d09ea99576e2dc7  gzip-1.3-19.rhel2.src.rpm

i386:
74ea72195027b0a56065882957ae6aed  gzip-1.3-19.rhel2.i386.rpm

ia64:
221b875805ccab0bbaa150664a26ce50  gzip-1.3-19.rhel2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gzip-1.3-19.rhel2.src.rpm
ad45a2b7d359191e2d09ea99576e2dc7  gzip-1.3-19.rhel2.src.rpm

ia64:
221b875805ccab0bbaa150664a26ce50  gzip-1.3-19.rhel2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gzip-1.3-19.rhel2.src.rpm
ad45a2b7d359191e2d09ea99576e2dc7  gzip-1.3-19.rhel2.src.rpm

i386:
74ea72195027b0a56065882957ae6aed  gzip-1.3-19.rhel2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gzip-1.3-19.rhel2.src.rpm
ad45a2b7d359191e2d09ea99576e2dc7  gzip-1.3-19.rhel2.src.rpm

i386:
74ea72195027b0a56065882957ae6aed  gzip-1.3-19.rhel2.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gzip-1.3.3-13.rhel3.src.rpm
6bf7ab261a159f83cfe587e77314e95c  gzip-1.3.3-13.rhel3.src.rpm

i386:
842a7c1efcb3ad77701b64413e54408b  gzip-1.3.3-13.rhel3.i386.rpm
b8c31ac57e21170bf8cb2337f17ec063  gzip-debuginfo-1.3.3-13.rhel3.i386.rpm

ia64:
f8d04b7ae735d4e84213bf0bfdfcc7b4  gzip-1.3.3-13.rhel3.ia64.rpm
86864caa406a8d1989c8cea8f013f1a9  gzip-debuginfo-1.3.3-13.rhel3.ia64.rpm

ppc:
391f0bf7e9fdea0f44c31518603a35a2  gzip-1.3.3-13.rhel3.ppc.rpm
cdecf26b0d6a8f4623c7837c428f40dd  gzip-debuginfo-1.3.3-13.rhel3.ppc.rpm

s390:
836385ed074828038b67360c5b019c07  gzip-1.3.3-13.rhel3.s390.rpm
431eb4312e7e41af9c94af02799f72ca  gzip-debuginfo-1.3.3-13.rhel3.s390.rpm

s390x:
b1a0e78bc41851a871649871ad3fa3e7  gzip-1.3.3-13.rhel3.s390x.rpm
2061e12c712ea980416aa9cf3af16842  gzip-debuginfo-1.3.3-13.rhel3.s390x.rpm

x86_64:
565eecd82fbe55386cdf228fccdfaecc  gzip-1.3.3-13.rhel3.x86_64.rpm
6f912a76a999a87785c8d59fcd0f0770  gzip-debuginfo-1.3.3-13.rhel3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gzip-1.3.3-13.rhel3.src.rpm
6bf7ab261a159f83cfe587e77314e95c  gzip-1.3.3-13.rhel3.src.rpm

i386:
842a7c1efcb3ad77701b64413e54408b  gzip-1.3.3-13.rhel3.i386.rpm
b8c31ac57e21170bf8cb2337f17ec063  gzip-debuginfo-1.3.3-13.rhel3.i386.rpm

x86_64:
565eecd82fbe55386cdf228fccdfaecc  gzip-1.3.3-13.rhel3.x86_64.rpm
6f912a76a999a87785c8d59fcd0f0770  gzip-debuginfo-1.3.3-13.rhel3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gzip-1.3.3-13.rhel3.src.rpm
6bf7ab261a159f83cfe587e77314e95c  gzip-1.3.3-13.rhel3.src.rpm

i386:
842a7c1efcb3ad77701b64413e54408b  gzip-1.3.3-13.rhel3.i386.rpm
b8c31ac57e21170bf8cb2337f17ec063  gzip-debuginfo-1.3.3-13.rhel3.i386.rpm

ia64:
f8d04b7ae735d4e84213bf0bfdfcc7b4  gzip-1.3.3-13.rhel3.ia64.rpm
86864caa406a8d1989c8cea8f013f1a9  gzip-debuginfo-1.3.3-13.rhel3.ia64.rpm

x86_64:
565eecd82fbe55386cdf228fccdfaecc  gzip-1.3.3-13.rhel3.x86_64.rpm
6f912a76a999a87785c8d59fcd0f0770  gzip-debuginfo-1.3.3-13.rhel3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gzip-1.3.3-13.rhel3.src.rpm
6bf7ab261a159f83cfe587e77314e95c  gzip-1.3.3-13.rhel3.src.rpm

i386:
842a7c1efcb3ad77701b64413e54408b  gzip-1.3.3-13.rhel3.i386.rpm
b8c31ac57e21170bf8cb2337f17ec063  gzip-debuginfo-1.3.3-13.rhel3.i386.rpm

ia64:
f8d04b7ae735d4e84213bf0bfdfcc7b4  gzip-1.3.3-13.rhel3.ia64.rpm
86864caa406a8d1989c8cea8f013f1a9  gzip-debuginfo-1.3.3-13.rhel3.ia64.rpm

x86_64:
565eecd82fbe55386cdf228fccdfaecc  gzip-1.3.3-13.rhel3.x86_64.rpm
6f912a76a999a87785c8d59fcd0f0770  gzip-debuginfo-1.3.3-13.rhel3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gzip-1.3.3-16.rhel4.src.rpm
5648a7b9c26a7cf20f98dc7ec35babf5  gzip-1.3.3-16.rhel4.src.rpm

i386:
49ccf9c31fa89e32612e6842e56725a8  gzip-1.3.3-16.rhel4.i386.rpm
16d9a5de520b30b2f097c9763eeed1e0  gzip-debuginfo-1.3.3-16.rhel4.i386.rpm

ia64:
85f98bebe3367e17b608317cb3241f27  gzip-1.3.3-16.rhel4.ia64.rpm
d9036a2e65f0f0c62fa6d891b8ddc61f  gzip-debuginfo-1.3.3-16.rhel4.ia64.rpm

ppc:
06e9cdaacd44994bf34c2e701676f154  gzip-1.3.3-16.rhel4.ppc.rpm
600dfab31ce680a8dbd17dde052838f3  gzip-debuginfo-1.3.3-16.rhel4.ppc.rpm

s390:
821f36266c7b91cf4b8dc9ec50280c76  gzip-1.3.3-16.rhel4.s390.rpm
c0d9df3213c1e4c87a6434420bf1a2cb  gzip-debuginfo-1.3.3-16.rhel4.s390.rpm

s390x:
364d5e60560ab8c6e47580da67cc1921  gzip-1.3.3-16.rhel4.s390x.rpm
fd12ba822f86f2e97d3d6cfddd5131b0  gzip-debuginfo-1.3.3-16.rhel4.s390x.rpm

x86_64:
f6ef264363bd174e77b0676cb4bea479  gzip-1.3.3-16.rhel4.x86_64.rpm
e4cc4e0b3c2a294e4528d14cc95e2cdb  gzip-debuginfo-1.3.3-16.rhel4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gzip-1.3.3-16.rhel4.src.rpm
5648a7b9c26a7cf20f98dc7ec35babf5  gzip-1.3.3-16.rhel4.src.rpm

i386:
49ccf9c31fa89e32612e6842e56725a8  gzip-1.3.3-16.rhel4.i386.rpm
16d9a5de520b30b2f097c9763eeed1e0  gzip-debuginfo-1.3.3-16.rhel4.i386.rpm

x86_64:
f6ef264363bd174e77b0676cb4bea479  gzip-1.3.3-16.rhel4.x86_64.rpm
e4cc4e0b3c2a294e4528d14cc95e2cdb  gzip-debuginfo-1.3.3-16.rhel4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gzip-1.3.3-16.rhel4.src.rpm
5648a7b9c26a7cf20f98dc7ec35babf5  gzip-1.3.3-16.rhel4.src.rpm

i386:
49ccf9c31fa89e32612e6842e56725a8  gzip-1.3.3-16.rhel4.i386.rpm
16d9a5de520b30b2f097c9763eeed1e0  gzip-debuginfo-1.3.3-16.rhel4.i386.rpm

ia64:
85f98bebe3367e17b608317cb3241f27  gzip-1.3.3-16.rhel4.ia64.rpm
d9036a2e65f0f0c62fa6d891b8ddc61f  gzip-debuginfo-1.3.3-16.rhel4.ia64.rpm

x86_64:
f6ef264363bd174e77b0676cb4bea479  gzip-1.3.3-16.rhel4.x86_64.rpm
e4cc4e0b3c2a294e4528d14cc95e2cdb  gzip-debuginfo-1.3.3-16.rhel4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gzip-1.3.3-16.rhel4.src.rpm
5648a7b9c26a7cf20f98dc7ec35babf5  gzip-1.3.3-16.rhel4.src.rpm

i386:
49ccf9c31fa89e32612e6842e56725a8  gzip-1.3.3-16.rhel4.i386.rpm
16d9a5de520b30b2f097c9763eeed1e0  gzip-debuginfo-1.3.3-16.rhel4.i386.rpm

ia64:
85f98bebe3367e17b608317cb3241f27  gzip-1.3.3-16.rhel4.ia64.rpm
d9036a2e65f0f0c62fa6d891b8ddc61f  gzip-debuginfo-1.3.3-16.rhel4.ia64.rpm

x86_64:
f6ef264363bd174e77b0676cb4bea479  gzip-1.3.3-16.rhel4.x86_64.rpm
e4cc4e0b3c2a294e4528d14cc95e2cdb  gzip-debuginfo-1.3.3-16.rhel4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFFEAA1XlSAg2UNWIIRAvG5AJ4oZQZ2xO3zuhilGIgpiiDdv3XoeQCfSovS
A3KNuhoEQQgU2vWQZq8kOrM=
=JxrA
-----END PGP SIGNATURE-----
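
Added example (not part of the Red Hat advisory or Red Hat tooling): a fleet check that compares each host's installed gzip build against the fixed builds listed in section 6, using a simplified rpm-style segment comparison (no epoch, tilde or caret handling). The inventory format, hostnames and older build strings are assumptions constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed gzip builds per release, taken from section 6 of this advisory.
FIXED = {"2.1": "1.3-19.rhel2", "3": "1.3.3-13.rhel3", "4": "1.3.3-16.rhel4"}

def _cmp_part(a, b):
    """Segment-wise compare of one version or release string: -1, 0 or 1."""
    seg = lambda s: re.findall(r"[0-9]+|[A-Za-z]+", s)  # separators are ignored
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:       # the string with segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():   # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-break."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def audit(inventory):
    """Map host -> status for lines of 'host release version-release'."""
    result = {}
    for line in inventory.strip().splitlines():
        host, release, installed = line.split()
        fixed = FIXED.get(release)
        if fixed is None:
            result[host] = "unknown-release"
        else:
            result[host] = "needs-update" if evr_cmp(installed, fixed) < 0 else "ok"
    return result

# Constructed inventory: hostnames and the older builds are made up. The third
# column is what  rpm -q --qf '%{VERSION}-%{RELEASE}\n' gzip  prints on a host.
SAMPLE = """
web01 4   1.3.3-16.rhel4
web02 4   1.3.3-15.rhel4
db01  3   1.3.3-9
old01 2.1 1.3-19.rhel2
lab01 5   1.3.5-1
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A host reported as "ok" only has a build string at or above the fixed one; the package's GPG signature, as described at the end of section 6, is still what establishes that the installed RPM came from Red Hat.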
