On Mon, 6 Nov 2006, David Eisenstein wrote: > Tavis Ormandy of the Google Security Team discovered two denial of service > flaws in the way gzip expanded archive files. If a victim expanded a > specially crafted archive, it could cause the gzip executable to hang or > crash. (CVE-2006-4334, CVE-2006-4338) > > Tavis Ormandy of the Google Security Team discovered several code execution > flaws in the way gzip expanded archive files. If a victim expanded a > specially crafted archive, it could cause the gzip executable to crash or > execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337) Those interested in RHL73 may take a look at http://staff.csc.fi/psavola/fl/. It includes RPMs which fix this for RHL73, as well as a a couple of other RPMs fixing the most significant latest issues (e.g., the recently published PHP issue). -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- fedora-legacy-list mailing list fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
