Fedora Legacy Test Update Notification: gzip
Pekka Savola
pekkas at netcore.fi
Tue Nov 7 18:20:42 UTC 2006
On Mon, 6 Nov 2006, David Eisenstein wrote:
> Tavis Ormandy of the Google Security Team discovered two denial of service
> flaws in the way gzip expanded archive files. If a victim expanded a
> specially crafted archive, it could cause the gzip executable to hang or
> crash. (CVE-2006-4334, CVE-2006-4338)
>
> Tavis Ormandy of the Google Security Team discovered several code execution
> flaws in the way gzip expanded archive files. If a victim expanded a
> specially crafted archive, it could cause the gzip executable to crash or
> execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)
Those interested in RHL73 may take a look at
http://staff.csc.fi/psavola/fl/. It includes RPMs which fix this for
RHL73, as well as a couple of other RPMs fixing the most significant
latest issues (e.g., the recently published PHP issue).
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings