Re: Fedora Legacy Test Update Notification: gzip

2006-11-07 Thread Pekka Savola
On Mon, 6 Nov 2006, David Eisenstein wrote:
> Tavis Ormandy of the Google Security Team discovered two denial of service
> flaws in the way gzip expanded archive files. If a victim expanded a
> specially crafted archive, it could cause the gzip executable to hang or
> crash. (CVE-2006-4334, CVE-2006-4338)
>
> Tavis Ormandy of the Google Security Team discovered several code execution
> flaws in the way gzip expanded archive files. If a victim expanded a
> specially crafted archive, it could cause the gzip executable to crash or
> execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Those interested in RHL73 may take a look at
http://staff.csc.fi/psavola/fl/.  It includes RPMs which fix this for
RHL73, as well as a couple of other RPMs fixing the most significant
latest issues (e.g., the recently published PHP issue).

-- 
Pekka Savola                 You each name yourselves king, yet the
Netcore Oy                   kingdom bleeds.
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list


Fedora Legacy Test Update Notification: gzip

2006-11-06 Thread David Eisenstein
with thanks to Ali Lomonaco and Michal Jaegermann for proposing packages!


Fedora Legacy Test Update Notification
FEDORALEGACY-2006-211760
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211760
2006-11-06
-

Name: gzip
Versions: fc3: gzip-1.3.3-16.1.fc3.legacy
Versions: fc4: gzip-1.3.5-6.1.0.legacy
Summary : The GNU data compression program.
Description :
The gzip package contains the popular GNU gzip data compression
program. Gzipped files have a .gz extension.

Gzip should be installed on your Red Hat Linux system, because it is a
very commonly used data compression program.


-
Update Information:

Updated gzip packages that fix several security issues are now
available.

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

-
Changelogs

fc3:
* Sat Nov  4 2006 David Eisenstein [EMAIL PROTECTED] 1.3.3-16.1.fc3.legacy
- Add BuildRequires: texinfo, so gzip.info will be properly created.

* Sat Nov  4 2006 David Eisenstein [EMAIL PROTECTED] 1.3.3-16.fc3.legacy
- Fedora Legacy bugzilla #211760, fixing the 5 CVEs mentioned below.
- Patches taken from RHEL 4.

* Wed Sep  6 2006 Ivana Varekova [EMAIL PROTECTED] 1.3.3-16.rhel4
- fix bug 204676 (patches by Tavis Ormandy)
  - cve-2006-4334 - null dereference problem
  - cve-2006-4335 - buffer overflow problem
  - cve-2006-4336 - buffer underflow problem
  - cve-2006-4338 - infinite loop problem
  - cve-2006-4337 - buffer overflow problem

fc4:
* Tue Oct 31 2006 David Eisenstein - 1.3.5-6.1.0.legacy
- Rebuilt for FC4, reversioning so upgrade path will not be broken.

* Sun Oct 22 2006 Ali Lomonaco [EMAIL PROTECTED] - 1.3.5-9
- rebuilt for Legacy Bugzilla #211760.
- fixes CVE-2006-{4334,4335,4336,4337,4338}.

* Sun Oct 01 2006 Jesse Keating [EMAIL PROTECTED] - 1.3.5-9
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Wed Sep 20 2006 Ivana Varekova [EMAIL PROTECTED] 1.3.5-8
- fix bug 204676 (patches by Tavis Ormandy)
  - cve-2006-4334 - null dereference problem
  - cve-2006-4335 - buffer overflow problem
  - cve-2006-4336 - buffer underflow problem
  - cve-2006-4338 - infinite loop problem
  - cve-2006-4337 - buffer overflow problem

* Fri Jul 14 2006 Karsten Hopp [EMAIL PROTECTED] 1.3.5-7
- buildrequire texinfo, otherwise gzip.info will be empty


-
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)


-

Please test and comment in bugzilla.



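A check an administrator could run to confirm the installed gzip is at or above the fixed versions named in this advisory, added here as an example and not part of either post. It reimplements rpm's segment-wise version ordering in Python because the fixed release strings mix digits and letters (e.g. 16.1.fc3.legacy, which must sort after 16.fc3.legacy), and assumes the rpm command is on the path for the live query.

```python
import re
import subprocess
import sys

# Fixed name-version-release (NVR) strings quoted from the advisory text.
FIXED = {
    "fc3": "gzip-1.3.3-16.1.fc3.legacy",
    "fc4": "gzip-1.3.5-6.1.0.legacy",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare version/release strings by rpm's rules: split into digit and
    letter runs, digits compare numerically and letters lexically, a digit
    run beats a letter run, and on a tie more segments wins. Returns -1/0/1."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_nvr(nvr):
    """'gzip-1.3.3-16.1.fc3.legacy' -> ('gzip', '1.3.3', '16.1.fc3.legacy')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_fixed(installed_nvr, dist):
    """True when the installed gzip NVR is at or above the advisory's fixed NVR."""
    _, iv, ir = split_nvr(installed_nvr)
    _, fv, fr = split_nvr(FIXED[dist])
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def installed_gzip_nvr():
    """Ask the local RPM database for the installed gzip NVR (assumes rpm exists)."""
    fmt = "%{NAME}-%{VERSION}-%{RELEASE}"
    out = subprocess.run(["rpm", "-q", "--qf", fmt, "gzip"],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()

if __name__ == "__main__":
    dist = sys.argv[1] if len(sys.argv) > 1 else "fc3"  # fc3 or fc4
    nvr = installed_gzip_nvr()
    print(nvr, "is fixed" if is_fixed(nvr, dist) else "is NOT fixed, upgrade")
```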