gzip buffer overflow
2002-0019
Published: 2002-01-18 19:09:52
Updated: 2002-01-18 19:09:52

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2002-0019

Package name:      gzip
Summary:           Buffer overflow
Date:              2002-01-17
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  From the gzip homepage: "gzip 1.2.4 may crash when an input file name is too
  long (over 1020 characters). The buffer overflow may be exploited if gzip
  is run by a server such as an ftp server. Some ftp servers allow compression
  and decompression on the fly and are thus vulnerable."

Action:
  We recommend that all systems with this package installed are upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time. If you
  want to contribute by testing the various packages in the testing tree,
  please feel free to share your findings on the tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0019-gzip.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
6958f486136962e4eff87e8e7ed25870  ./1.5/SRPMS/gzip-1.2.4a-18tr.src.rpm
ac9998f2c41b86218988d945c0c2921a  ./1.5/RPMS/gzip-doc-1.2.4a-18tr.i586.rpm
46ff7a81657e3818edf36590c7ed39e8  ./1.5/RPMS/gzip-1.2.4a-18tr.i586.rpm
6958f486136962e4eff87e8e7ed25870  ./1.2/SRPMS/gzip-1.2.4a-18tr.src.rpm
7f18ccec53c9da456930d3ad47a48b29  ./1.2/RPMS/gzip-doc-1.2.4a-18tr.i586.rpm
c9cdc339c7377397ad6127b5c93d671b  ./1.2/RPMS/gzip-1.2.4a-18tr.i586.rpm
6958f486136962e4eff87e8e7ed25870  ./1.1/SRPMS/gzip-1.2.4a-18tr.src.rpm
bdd05316875d8c40045a157c1b3c25b7  ./1.1/RPMS/gzip-doc-1.2.4a-18tr.i586.rpm
3df222499e82ef9042671249a66b8f99  ./1.1/RPMS/gzip-1.2.4a-18tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8SCuVwRTcg4BxxS0RAjl9AKCIaZnjM7I0u5rZ1zCLxs/VT+rqTQCfVkUG
DqYEnzLmxfZnuOVM9OKd1zg=
=S0EU
-----END PGP SIGNATURE-----


 

Privacy Statement
Copyright 2010, SecurityFocus