retitle 305255 CAN-2005-1228 gzip: dir traversal bug when using gunzip -N
thanks
Time to tag the CVE number into the title. :)
This bug is reported into RedHat as bug
URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156266.
There is no patch available there. It is also reported as
[Ulf Harnhammar]
here is a better patch. It removes the directory part of the
filename when it is read from the .gz file, and not when opening it,
so the earlier side effects should disappear now.
The patch applies, but do not compile with gzip 1.2.4a. base_name()
is an unknown function in
Subject: gzip: dir traversal bug when using gunzip -N
Package: gzip
Version: 1.3.5-9
Severity: important
Tags: security patch
A directory traversal bug exists in multiple versions of gzip. When
compressing a file, gzip saves its original name but not its path inside
the compressed file. When
3 matches
Mail list logo