MDVSA-2010:019
- Package name
- gzip
- Date
- 2010-01-20
- Advisory ID
- MDVSA-2010:019
- Affected versions
- CS4.0 x86_64 , CS4.0 i586
Problem description
A vulnerability has been found and corrected in gzip:
An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).
The updated packages have been patched to correct thies issue.
Updated packages
CS4.0 x86_64
6e581dca4d76c64ba34dff28254735a1 corporate/4.0/x86_64/gzip-1.2.4a-15.4.20060mlcs4.x86_64.rpm 1018f5b322c1fc0ec74771651475db2f corporate/4.0/SRPMS/gzip-1.2.4a-15.4.20060mlcs4.src.rpm
CS4.0 i586
5b8405131c7e6cee1ebd527877e1c126 corporate/4.0/i586/gzip-1.2.4a-15.4.20060mlcs4.i586.rpm 1018f5b322c1fc0ec74771651475db2f corporate/4.0/SRPMS/gzip-1.2.4a-15.4.20060mlcs4.src.rpm