MDVSA-2011:152
- Package name
- ncompress
- Date
- 2011-10-17
- Advisory ID
- MDVSA-2011:152
- Affected versions
- MES5 i586 , MES5 x86_64 , 2010.1 i586 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in ncompress:
An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).
The updated packages have been upgraded to the 4.2.4.4 version which
is not vulnerable to this issue.
Updated packages
MES5 i586
82d9b6490242cb9257f186f0cfcb682e mes5/i586/ncompress-4.2.4.4-0.1mdvmes5.2.i586.rpm 564695e65868d680d3b218307b24189a mes5/SRPMS/ncompress-4.2.4.4-0.1mdvmes5.2.src.rpm
MES5 x86_64
bc945e39f76a798f5010aa541647cd8c mes5/x86_64/ncompress-4.2.4.4-0.1mdvmes5.2.x86_64.rpm 564695e65868d680d3b218307b24189a mes5/SRPMS/ncompress-4.2.4.4-0.1mdvmes5.2.src.rpm
2010.1 i586
21d31dc01147a832568ca56e1dd61447 2010.1/i586/ncompress-4.2.4.4-0.1mdv2010.2.i586.rpm ba9d02cc91a5ebb50e0f8d4c63cb23ec 2010.1/SRPMS/ncompress-4.2.4.4-0.1mdv2010.2.src.rpm
2010.1 x86_64
d289f3b0e72026349addcaa45c92bb95 2010.1/x86_64/ncompress-4.2.4.4-0.1mdv2010.2.x86_64.rpm ba9d02cc91a5ebb50e0f8d4c63cb23ec 2010.1/SRPMS/ncompress-4.2.4.4-0.1mdv2010.2.src.rpm