Nom du paquet
ncompress
Date
2011-10-17
Advisory ID
MDVSA-2011:152
Affected versions
MES5 i586 , MES5 x86_64 , 2010.1 i586 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in ncompress:

An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).

The updated packages have been upgraded to the 4.2.4.4 version which
is not vulnerable to this issue.

Updated packages

MES5 i586

 82d9b6490242cb9257f186f0cfcb682e  mes5/i586/ncompress-4.2.4.4-0.1mdvmes5.2.i586.rpm 
 564695e65868d680d3b218307b24189a  mes5/SRPMS/ncompress-4.2.4.4-0.1mdvmes5.2.src.rpm

MES5 x86_64

 bc945e39f76a798f5010aa541647cd8c  mes5/x86_64/ncompress-4.2.4.4-0.1mdvmes5.2.x86_64.rpm 
 564695e65868d680d3b218307b24189a  mes5/SRPMS/ncompress-4.2.4.4-0.1mdvmes5.2.src.rpm

2010.1 i586

 21d31dc01147a832568ca56e1dd61447  2010.1/i586/ncompress-4.2.4.4-0.1mdv2010.2.i586.rpm 
 ba9d02cc91a5ebb50e0f8d4c63cb23ec  2010.1/SRPMS/ncompress-4.2.4.4-0.1mdv2010.2.src.rpm

2010.1 x86_64

 d289f3b0e72026349addcaa45c92bb95  2010.1/x86_64/ncompress-4.2.4.4-0.1mdv2010.2.x86_64.rpm 
 ba9d02cc91a5ebb50e0f8d4c63cb23ec  2010.1/SRPMS/ncompress-4.2.4.4-0.1mdv2010.2.src.rpm

References