MDKSA-2006:167
- Package name
- gzip
- Date
- 2006-09-20
- Advisory ID
- MDKSA-2006:167
- Affected versions
- CS4.0 x86_64, MNF2.0 i586, 2006.0 i586, CS4.0 i586, CS3.0 x86_64, CS3.0 i586, 2006.0 x86_64
Problem description
NULL Dereference (CVE-2006-4334)
A stack modification vulnerability (where a stack buffer can be
modified out of bounds, but not in the traditional stack overrun sense)
exists in the LZH decompression support of gzip. (CVE-2006-4335)
A .bss buffer underflow exists in gzip's pack support, where a loop
from build_tree() does not enforce any lower bound while constructing
the prefix table. (CVE-2006-4336)
A .bss buffer overflow vulnerability exists in gzip's LZH support, due
to its inability to handle exceptional input in the make_table()
function: a pathological decoding table can be constructed in such a
way as to generate counts so high that the rapid growth of `nextcode`
exceeds the size of the table[] buffer. (CVE-2006-4337)
A possible infinite loop exists in code from unlzh.c for traversing the
branches of a tree structure. This makes it possible to disrupt the
operation of automated systems relying on gzip for data decompression,
resulting in a minor DoS. (CVE-2006-4338)
Updated packages have been patched to address these issues.
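An added example, not gzip's code or the vendor's patch: the kind of input validation whose absence CVE-2006-4337 describes, shown for a simplified single-level lookup table. The name make_table_checked, its parameters and MAX_BITS are assumptions, and codes longer than tablebits are rejected here rather than spilled into a tree.

```c
#include <stdio.h>
#define MAX_BITS 16  /* assumed upper limit on a code length */

/* Fill table[] (2^tablebits entries) from per-symbol code lengths.
 * Returns 0 on success, -1 if the lengths do not describe a valid code. */
int make_table_checked(int nchar, const unsigned char *bitlen, int tablebits,
                       unsigned short *table, size_t tablesize)
{
    unsigned long count[MAX_BITS + 1] = {0}, start[MAX_BITS + 2] = {0};
    unsigned long full, total = 0;
    int i, len;

    if (nchar < 0 || nchar > 65535 || tablebits < 1 || tablebits > MAX_BITS) return -1;
    full = 1UL << tablebits;
    if (tablesize < full) return -1;           /* caller's buffer too small */

    for (i = 0; i < nchar; i++) {
        if (bitlen[i] > tablebits) return -1;  /* length would index past count[] */
        count[bitlen[i]]++;
    }
    /* Each code of length len occupies 2^(tablebits-len) slots. Sum in a wide
     * type so an over-subscribed set is rejected instead of wrapping. */
    for (len = 1; len <= tablebits; len++) {
        start[len] = total;
        total += count[len] << (tablebits - len);
        if (total > full) return -1;           /* would run past table[] */
    }
    if (total != full) return -1;              /* incomplete code */

    for (i = 0; i < nchar; i++) {
        unsigned long k, nextcode;
        if ((len = bitlen[i]) == 0) continue;  /* unused symbol */
        nextcode = start[len] + (1UL << (tablebits - len));
        if (nextcode > tablesize) return -1;   /* second guard at the write site */
        for (k = start[len]; k < nextcode; k++) table[k] = (unsigned short)i;
        start[len] = nextcode;
    }
    return 0;
}

int main(void)
{
    unsigned short table[8];
    const unsigned char good[] = {1, 2, 3, 3};  /* constructed: complete code */
    const unsigned char bad[]  = {1, 1, 1};     /* constructed: over-subscribed */
    printf("good: %d\n", make_table_checked(4, good, 3, table, 8));
    printf("bad:  %d\n", make_table_checked(3, bad, 3, table, 8));
    return 0;
}
```

All validation happens before the first write, so a rejected input leaves table[] untouched.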
Updated packages
CS4.0 x86_64
940923c3880d84e597a8507155cc81fd corporate/4.0/x86_64/gzip-1.2.4a-15.3.20060mlcs4.x86_64.rpm
71ee80833c3dd784d1a604698376b0a4 corporate/4.0/SRPMS/gzip-1.2.4a-15.3.20060mlcs4.src.rpm
MNF2.0 i586
c60c6b5559a4f6f3c9fa811433f2bce6 mnf/2.0/i586/gzip-1.2.4a-13.5.M20mdk.i586.rpm
b68cb1643f57f850fef0224788f95795 mnf/2.0/SRPMS/gzip-1.2.4a-13.5.M20mdk.src.rpm
2006.0 i586
6da645cd7adea1af99a3fcd11e5a3fbc 2006.0/i586/gzip-1.2.4a-15.3.20060mdk.i586.rpm
d4acb45be5d2683759578a37d1b8435f 2006.0/SRPMS/gzip-1.2.4a-15.3.20060mdk.src.rpm
CS4.0 i586
da60be3f5d293fa5c246edf6ae256420 corporate/4.0/i586/gzip-1.2.4a-15.3.20060mlcs4.i586.rpm
71ee80833c3dd784d1a604698376b0a4 corporate/4.0/SRPMS/gzip-1.2.4a-15.3.20060mlcs4.src.rpm
CS3.0 x86_64
7ed6fcfcaa6a43d5e6d055f72a7f7bc5 corporate/3.0/x86_64/gzip-1.2.4a-13.5.C30mdk.x86_64.rpm
6c4e3de8975f5f568c5a7a18e7946112 corporate/3.0/SRPMS/gzip-1.2.4a-13.5.C30mdk.src.rpm
CS3.0 i586
6d80bed89cf647be72f127ed17c5359c corporate/3.0/i586/gzip-1.2.4a-13.5.C30mdk.i586.rpm
6c4e3de8975f5f568c5a7a18e7946112 corporate/3.0/SRPMS/gzip-1.2.4a-13.5.C30mdk.src.rpm
2006.0 x86_64
732d50ab4b4d7e18751f8a24026182d2 2006.0/x86_64/gzip-1.2.4a-15.3.20060mdk.x86_64.rpm
d4acb45be5d2683759578a37d1b8435f 2006.0/SRPMS/gzip-1.2.4a-15.3.20060mdk.src.rpm
