with thanks to Ali Lomonaco and Michal Jaegermann for proposing packages!

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-211760
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211760
2006-11-06
---------------------------------------------------------------------

Name        : gzip
Versions    : fc3: gzip-1.3.3-16.1.fc3.legacy
Versions    : fc4: gzip-1.3.5-6.1.0.legacy
Summary     : The GNU data compression program.
Description :
The gzip package contains the popular GNU gzip data compression
program. Gzipped files have a .gz extension.

Gzip should be installed on your Red Hat Linux system, because it is a
very commonly used data compression program.

---------------------------------------------------------------------
Update Information:

Updated gzip packages that fix several security issues are now
available.

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of
service flaws in the way gzip expanded archive files. If a victim
expanded a specially crafted archive, it could cause the gzip
executable to hang or crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code
execution flaws in the way gzip expanded archive files. If a victim
expanded a specially crafted archive, it could cause the gzip
executable to crash or execute arbitrary code. (CVE-2006-4335,
CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain
a backported patch and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

fc3:
* Sat Nov 4 2006 David Eisenstein <deisenst@xxxxxxx> 1.3.3-16.1.fc3.legacy
- Add BuildRequires: texinfo, so gzip.info will be properly created.

* Sat Nov 4 2006 David Eisenstein <deisenst@xxxxxxx> 1.3.3-16.fc3.legacy
- Fedora Legacy bugzilla #211760, fixing the 5 cve's mentioned below.
- Patches taken from RHEL 4.

* Wed Sep 6 2006 Ivana Varekova <varekova@xxxxxxxxxx> 1.3.3-16.rhel4
- fix bug 204676 (patches by Tavis Ormandy)
  - cve-2006-4334 - null dereference problem
  - cve-2006-4335 - buffer overflow problem
  - cve-2006-4336 - buffer underflow problem
  - cve-2006-4338 - infinite loop problem
  - cve-2006-4337 - buffer overflow problem

fc4:
* Tue Oct 31 2006 David Eisenstein - 1.3.5-6.1.0.legacy
- Rebuilt for FC4, reversioning so upgrade path will not be broken.

* Sun Oct 22 2006 Ali Lomonaco <alilomo@xxxxxxxxx> - 1.3.5-9
- rebuilt for Legacy Bugzilla #211760.
- fixes CVE-2006-{4334,4335,4336,4337,4338}.

* Sun Oct 01 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.3.5-9
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Wed Sep 20 2006 Ivana Varekova <varekova@xxxxxxxxxx> 1.3.5-8
- fix bug 204676 (patches by Tavis Ormandy)
  - cve-2006-4334 - null dereference problem
  - cve-2006-4335 - buffer overflow problem
  - cve-2006-4336 - buffer underflow problem
  - cve-2006-4338 - infinite loop problem
  - cve-2006-4337 - buffer overflow problem

* Fri Jul 14 2006 Karsten Hopp <karsten@xxxxxxxxx> 1.3.5-7
- buildrequire texinfo, otherwise gzip.info will be empty

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
803cef0b8d4e06f79ae9ce64aee63cdd761e87b6  fedora/3/updates-testing/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm
602ad6828a3388063db0c45f13c256d92b12cc51  fedora/3/updates-testing/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm
7f4737f9e627480ee211022b9dffc1da5696adda  fedora/3/updates-testing/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm

fc4:
1cf4530543c8f7da0d331f11388bb7517fa013e4  fedora/4/updates-testing/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm
17fb012aacf13fcf623c5f6447d4ba127ed4a780  fedora/4/updates-testing/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm
b49360a81b5d4df62dbbb3b2b094515678f41a35  fedora/4/updates-testing/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list mailing list
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list