MDKSA-2006:140
- Package name
- ncompress
- Date
- 2006-08-09
- Advisory ID
- MDKSA-2006:140
- Affected versions
- CS3.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64
Problem description
Tavis Ormandy, of the Google Security Team, discovered that ncompress,
when uncompressing data, performed no bounds checking, which could
allow a specially crafted datastream to underflow a .bss buffer with
attacker controlled data.
Updated packages have been patched to correct this issue.
Updated packages
CS3.0 i586
30ecc6154bc75783218b82961288b085 corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.i586.rpm bda272f060534aa25bebf22ed852f647 corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm
2006.0 i586
a1e4fe7d74a1c8e043beb83baec7b34b 2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.i586.rpm 4b87e1b5ba659ce410067b09a75d669e 2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm
2006.0 x86_64
7ce7f3a618b9c3687936145e2563733a x86_64/2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.x86_64.rpm 4b87e1b5ba659ce410067b09a75d669e x86_64/2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm
CS3.0 x86_64
c9340a5c9bea0316f31fc61f6916f192 x86_64/corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.x86_64.rpm bda272f060534aa25bebf22ed852f647 x86_64/corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm