LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2010-86 (ncompress)



From:
    	      Eren Turkay <eren@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2010-86] ncompress: Integer Underflow 


Date:
    	      Thu, 24 Jun 2010 15:02:35 +0300 (EEST)


Message-ID:
    	      <20100624120235.C63E2A7ABC2@lider.pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-86            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-24
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

An integer underflow vulnerability has been fixed which can be used  by 
malicious people to cause denial of service. 


Description
===========

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on
64-bit platforms allows remote attackers to cause a denial  of  service 
(application crash) or possibly execute arbitrary code via a crafted 

archive that uses LZW compression, leading to  an  array  index  error. 
Similar vulnerability with PLSA 2010-14 


Affected packages:

  Pardus 2009:
    ncompress, all before 4.2.4.2-7-5


Resolution
==========

There are update(s) for ncompress. You  can  update  them  via  Package 
Manager or with a single command from console: 

    pisi up ncompress

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13494
  * http://security.pardus.org.tr/en/2010-14/

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds