Paketname
gzip
Datum
2010-01-20
Advisory ID
MDVSA-2010:019
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

A vulnerability has been found and corrected in gzip:

An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).

The updated packages have been patched to correct thies issue.

Aktualisierte Pakete

CS4.0 x86_64

 6e581dca4d76c64ba34dff28254735a1  corporate/4.0/x86_64/gzip-1.2.4a-15.4.20060mlcs4.x86_64.rpm 
 1018f5b322c1fc0ec74771651475db2f  corporate/4.0/SRPMS/gzip-1.2.4a-15.4.20060mlcs4.src.rpm

CS4.0 i586

 5b8405131c7e6cee1ebd527877e1c126  corporate/4.0/i586/gzip-1.2.4a-15.4.20060mlcs4.i586.rpm 
 1018f5b322c1fc0ec74771651475db2f  corporate/4.0/SRPMS/gzip-1.2.4a-15.4.20060mlcs4.src.rpm

Referenzen