Fedora Legacy Test Update Notification: gzip

with thanks to Ali Lomonaco and Michal Jaegermann for proposing packages!

--------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-211760
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211760
2006-11-06
---------------------------------------------------------------------

Name        : gzip
Versions    : fc3: gzip-1.3.3-16.1.fc3.legacy
Versions    : fc4: gzip-1.3.5-6.1.0.legacy
Summary     : The GNU data compression program.
Description :
The gzip package contains the popular GNU gzip data compression
program. Gzipped files have a .gz extension.

Gzip should be installed on your Red Hat Linux system, because it is a
very commonly used data compression program.


---------------------------------------------------------------------
Update Information:

Updated gzip packages that fix several security issues are now
available.

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

---------------------------------------------------------------------
Changelogs

fc3:
* Sat Nov  4 2006 David Eisenstein <deisenst@xxxxxxx> 1.3.3-16.1.fc3.legacy
- Add BuildRequires: texinfo, so gzip.info will be properly created.

* Sat Nov  4 2006 David Eisenstein <deisenst@xxxxxxx> 1.3.3-16.fc3.legacy
- Fedora Legacy bugzilla #211760, fixing the 5 cve's mentioned below.
- Patches taken from RHEL 4.

* Wed Sep  6 2006 Ivana Varekova <varekova@xxxxxxxxxx> 1.3.3-16.rhel4
- fix bug 204676 (patches by Tavis Ormandy)
  - cve-2006-4334 - null dereference problem
  - cve-2006-4335 - buffer overflow problem
  - cve-2006-4336 - buffer underflow problem
  - cve-2006-4338 - infinite loop problem
  - cve-2006-4337 - buffer overflow problem

fc4:
* Tue Oct 31 2006 David Eisenstein - 1.3.5-6.1.0.legacy
- Rebuilt for FC4, reversioning so upgrade path will not be broken.

* Sun Oct 22 2006 Ali Lomonaco <alilomo@xxxxxxxxx> - 1.3.5-9
- rebuilt for Legacy Bugzilla #211760.
- fixes CVE-2006-{4334,4335,4336,4337,4338}.

* Sun Oct 01 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.3.5-9
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

* Wed Sep 20 2006 Ivana Varekova <varekova@xxxxxxxxxx> 1.3.5-8
- fix bug 204676 (patches by Tavis Ormandy)
  - cve-2006-4334 - null dereference problem
  - cve-2006-4335 - buffer overflow problem
  - cve-2006-4336 - buffer underflow problem
  - cve-2006-4338 - infinite loop problem
  - cve-2006-4337 - buffer overflow problem

* Fri Jul 14 2006 Karsten Hopp <karsten@xxxxxxxxx> 1.3.5-7
- buildrequire texinfo, otherwise gzip.info will be empty


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
803cef0b8d4e06f79ae9ce64aee63cdd761e87b6  fedora/3/updates-testing/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm
602ad6828a3388063db0c45f13c256d92b12cc51  fedora/3/updates-testing/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm
7f4737f9e627480ee211022b9dffc1da5696adda  fedora/3/updates-testing/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm

fc4:
1cf4530543c8f7da0d331f11388bb7517fa013e4  fedora/4/updates-testing/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm
17fb012aacf13fcf623c5f6447d4ba127ed4a780  fedora/4/updates-testing/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm
b49360a81b5d4df62dbbb3b2b094515678f41a35  fedora/4/updates-testing/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--
fedora-legacy-list mailing list
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
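
An added example (not part of the original notice or of Fedora Legacy's tooling): a Python check of downloaded packages against a "(sha1sums)" list laid out like the one above. The file names and contents in demo() are constructed; a matching SHA-1 shows only that a file equals what the notice lists.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "<40 hex digits>  <relative path>", the layout of the (sha1sums) list above.
LINE_RE = re.compile(r"^([0-9a-fA-F]{40})\s+(\S+)$")

def parse_manifest(text):
    """Return {relative_path: sha1_hex}; labels such as 'fc3:' are skipped."""
    found = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(2): m.group(1).lower() for m in found if m}

def sha1_of(path, chunk=1 << 20):
    """Hash in chunks so a large RPM is never read into memory whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(root, manifest):
    """Return {path: 'ok' | 'mismatch' | 'missing'}; a path escaping root is 'missing'."""
    root = Path(root).resolve()
    results = {}
    for rel, expected in manifest.items():
        target = (root / rel).resolve()
        if root not in target.parents or not target.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if sha1_of(target) == expected else "mismatch"
    return results

def demo():
    """Constructed sample: three listed files, one altered and one not downloaded."""
    with tempfile.TemporaryDirectory() as tmp:
        names = ["i386/pkg-a.rpm", "x86_64/pkg-b.rpm", "SRPMS/pkg-c.src.rpm"]
        lines = ["fc3:"]
        for name in names:
            data = ("constructed payload " + name).encode()
            lines.append(hashlib.sha1(data).hexdigest() + "  " + name)
            if not name.startswith("SRPMS"):
                Path(tmp, name).parent.mkdir(parents=True)
                Path(tmp, name).write_bytes(data)
        Path(tmp, names[1]).write_bytes(b"altered after download")
        return verify(tmp, parse_manifest("\n".join(lines)))

if __name__ == "__main__":
    print("\n".join(f"{status:9} {rel}" for rel, status in demo().items()))
```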
