    A null pointer dereference may lead to denial of service if gzip is
    used in an automated manner.

CVE-2006-4335
    Missing boundary checks may lead to stack modification, allowing
    execution of arbitrary code.

CVE-2006-4336
    A buffer underflow in the pack support code may lead to execution of
    arbitrary code.

CVE-2006-4337
    A buffer underflow in the LZH support code may lead to execution of
    arbitrary code.

CVE-2006-4338
    An infinite loop may lead to denial of service if gzip is used in
    an automated manner.

For the stable distribution (sarge) these problems have been fixed in
version 1.3.5-10sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.5-15.

We recommend that you upgrade your gzip package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
...