---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-157696
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157696
2005-07-18
---------------------------------------------------------------------

Name        : gzip
Versions    : rh73: gzip-1.3.3-1.1.legacy
Versions    : rh9: gzip-1.3.3-9.1.legacy
Versions    : fc1: gzip-1.3.3-11.1.legacy
Versions    : fc2: gzip-1.3.3-12.1.legacy
Summary     : The GNU data compression program.
Description :
The gzip package contains the popular GNU gzip data compression
program. Gzipped files have a .gz extension.

---------------------------------------------------------------------
Update Information:

An updated gzip package is now available.

The gzip package contains the GNU gzip data compression program.

A bug was found in the way zgrep processes file names. If a user can be
tricked into running zgrep on a file with a carefully crafted file name,
arbitrary commands could be executed as the user running zgrep. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0758 to this issue.

A bug was found in the way gunzip modifies permissions of files being
decompressed. A local attacker with write permissions in the directory
in which a victim is decompressing a file could remove the file being
written and replace it with a hard link to a different file owned by the
victim; gunzip then gives the linked file the permissions of the
uncompressed file. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0988 to this issue.

A directory traversal bug was found in the way gunzip processes the -N
flag. If a victim decompresses a file with the -N flag, gunzip fails to
sanitize the path, which could result in a file owned by the victim
being overwritten. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1228 to this issue.

Users of gzip should upgrade to this updated package, which contains
backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-1.1.legacy
- Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696)

rh9:
* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-9.1.legacy
- Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696)

fc1:
* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-11.1.legacy
- Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696)

fc2:
* Wed Jul 13 2005 Jeff Sheltren <sheltren@xxxxxxxxxxx> 1.3.3-12.1.legacy
- Patches for CAN 2005-0758, 2005-0988, 2005-1228 (#157696)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
6d93fc47e14ad87b869a26824a53c7c4c86efd8d
redhat/7.3/updates-testing/i386/gzip-1.3.3-1.1.legacy.i386.rpm
acb874d06480862be1f866bb2e7cb334f68ffd70
redhat/7.3/updates-testing/SRPMS/gzip-1.3.3-1.1.legacy.src.rpm

rh9:
e502c04eba525ffc028597d89a561234a5e4677a
redhat/9/updates-testing/i386/gzip-1.3.3-9.1.legacy.i386.rpm
87df69eab2730b360ab121c9cf0ff6884a086252
redhat/9/updates-testing/SRPMS/gzip-1.3.3-9.1.legacy.src.rpm

fc1:
7a915440462673b34c4c24cb91224d80c353beb1
fedora/1/updates-testing/i386/gzip-1.3.3-11.1.legacy.i386.rpm
59ee2ba2d0e7f70829fa303e68dc5d8589505a18
fedora/1/updates-testing/SRPMS/gzip-1.3.3-11.1.legacy.src.rpm

fc2:
b57fccc4cba1717fd9114ea5d628d6fd704538b9
fedora/2/updates-testing/i386/gzip-1.3.3-12.1.legacy.i386.rpm
ecfe9ca29f8d3ba6aa2f9b8aad10a923d1179360
fedora/2/updates-testing/SRPMS/gzip-1.3.3-12.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
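
The -N issue in the update information (CAN-2005-1228) turns on how the original file name stored in the gzip header is used as an output path. The following is an added example, not code from gzip or from the backported patches: it reads the name field as laid out in RFC 1952 and keeps only its final path component. The function name gz_safe_name and the sample byte strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FEXTRA 0x04 /* RFC 1952 FLG bit: optional extra field present */
#define FNAME  0x08 /* RFC 1952 FLG bit: original file name present */

/* Constructed samples: 10-byte gzip header with FNAME set, then a stored name. */
const unsigned char sample_traversal[] =
    "\x1f\x8b\x08\x08\0\0\0\0\0\x03" "../../tmp/notes";
const unsigned char sample_dotdot[] =
    "\x1f\x8b\x08\x08\0\0\0\0\0\x03" "../..";

/* Copy the final path component of the stored name into out.
 * Returns 0 on success; -1 if the header is malformed, has no name,
 * or the name reduces to nothing usable as a file name. */
int gz_safe_name(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    size_t pos = 10; /* ID1 ID2 CM FLG MTIME(4) XFL OS */
    if (len < pos || buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8)
        return -1;
    if (buf[3] & FEXTRA) { /* skip XLEN (little-endian) plus the extra data */
        if (len - pos < 2)
            return -1;
        size_t xlen = buf[pos] | ((size_t)buf[pos + 1] << 8);
        pos += 2;
        if (len - pos < xlen)
            return -1;
        pos += xlen;
    }
    if (!(buf[3] & FNAME))
        return -1;
    if (memchr(buf + pos, 0, len - pos) == NULL) /* name must end inside buf */
        return -1;
    const char *name = (const char *)buf + pos;
    const char *slash = strrchr(name, '/');
    const char *base = slash ? slash + 1 : name; /* drop every directory part */
    if (*base == '\0' || !strcmp(base, ".") || !strcmp(base, "..") || strlen(base) >= outsz)
        return -1;
    strcpy(out, base);
    return 0;
}

int main(void)
{
    char out[64];
    int rc = gz_safe_name(sample_traversal, sizeof sample_traversal, out, sizeof out);
    printf("traversal sample: rc=%d name=%s\n", rc, rc == 0 ? out : "(rejected)");
    return 0;
}
```

A caller would create the output file under this reduced name in the current directory, so a stored name containing directory parts cannot select a file elsewhere.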