[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: gzip security update

From: "Ed Greshko" <Ed Greshko greshko com>

jdow wrote:
Does anybody other than me think it is a little peculiar that there
was a listed update for gzip today that has an earlier version number
than the one from the second?

gzip-1.3.5-7.1.fc5.i386.rpm    October 2
gzip-1.3.5-7.fc5.i386.rpm      October 10

Did somebody screw up the version numbering?

Well, I've not updated my FC5 system recently.  So, I went to update it
today.  I had gzip-1.3.5-6.2.1 installed and it is being updated to
gzip-1.3.5-7.1.fc5.  So, I'm not sure what you are seeing or why.

I received this today. Please note the version of gzip it calls out.
The October2 patch was declared with a higher version than this security
patch. This raises questions about somebody possibly bolixing up the
version number on a patch we should have. (The files are VASTLY different

Fedora Update Notification

Product     : Fedora Core 5
Name        : gzip
Version     : 1.3.5
Release     : 7.fc5
Summary     : The GNU data compression program.
Description :
The gzip package contains the popular GNU gzip data compression
program. Gzipped files have a .gz extension.

Gzip should be installed on your Red Hat Linux system, because it is a
very commonly used data compression program.


* Wed Sep 20 2006 Ivana Varekova <varekova redhat com> 1.3.5-7.fc5
- fix bug 204676 (patches by Tavis Ormandy)
 - cve-2006-4334 - null dereference problem
 - cve-2006-4335 - buffer overflow problem
 - cve-2006-4336 - buffer underflow problem
 - cve-2006-4338 - infinite loop problem
 - cve-2006-4337 - buffer overflow problem

This update can be downloaded from:

058b352c889d357d2f369d8358643b16820c5e22  SRPMS/gzip-1.3.5-7.fc5.src.rpm
058b352c889d357d2f369d8358643b16820c5e22  noarch/gzip-1.3.5-7.fc5.src.rpm
a9679679039bf6a7646dc18ab267b87a905aee4d  ppc/debug/gzip-debuginfo-1.3.5-7.fc5.ppc.rpm
e9199ea8e46e2e3ead27eae3a1159f4fb47c8d1a  ppc/gzip-1.3.5-7.fc5.ppc.rpm
cc837290ccd3b1427d0121cc668fdf4e282e39f3 x86_64/debug/gzip-debuginfo-1.3.5-7.fc5.x86_64.rpm
d7a7b184f5b98b58ea680fe49414b5b4f88b4ac4  x86_64/gzip-1.3.5-7.fc5.x86_64.rpm
a9450c087c726cb7dba45c97a2507706057a3d84  i386/debug/gzip-debuginfo-1.3.5-7.fc5.i386.rpm
7c1a6092d74f53916a9046c118a25b386993212e  i386/gzip-1.3.5-7.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Fedora-package-announce mailing list
Fedora-package-announce redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]