User: Password:
Subscribe / Log in / New account

OpenPKG alert OpenPKG-SA-2006.020 (gzip)

From:  OpenPKG <>
Subject:  [OpenPKG-SA-2006.020] OpenPKG Security Advisory (gzip)
Date:  Wed, 20 Sep 2006 13:26:41 +0200

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project OpenPKG-SA-2006.020 20-Sep-2006 ________________________________________________________________________ Package: gzip Vulnerability: denial of service, arbitrary code execution OpenPKG Specific: no Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= gzip-1.3.5-20050724 >= gzip-1.3.5-20060920 OpenPKG 2-STABLE <= gzip-1.3.5-2.20060622 >= gzip-1.3.5-2.20060920 OpenPKG 2.5-RELEASE <= gzip-1.3.5-2.5.0 >= gzip-1.3.5-2.5.1 Description: Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the compression tool GZIP [1]. The problems are a NULL dereference, an out-of-bound (OOB) write, a buffer underflow, a buffer overflow and an infinite loop. The Common Vulnerabilities and Exposures (CVE) project assigned the ids CVE-2006-4334 [2], CVE-2006-4335 [3], CVE-2006-4336 [4], CVE-2006-4337 [5] and CVE-2006-4338 [6] to the problems. ________________________________________________________________________ References: [1] [2] [3] [4] [5] [6] ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <>" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from and hkp:// Follow the instructions on for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <> iD8DBQFFESVYgHWT4GPEy58RAnL5AJ933TxbcOrNaQO5DF9ONBvvUPqsXgCfeHmz 3SSOO5xLnz8L4LPRcQuK7xo= =4l8w -----END PGP SIGNATURE----- ______________________________________________________________________ The OpenPKG Project Project Announcement List

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds