Sep 19, 2006 - 2:54 p.m.

gzip security update

2006-09-19 14:54:11
CentOS Project
lists.centos.org

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.066 Low
Percentile: 93.7%

CentOS Errata and Security Advisory CESA-2006:0667

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075428.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075429.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075430.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075431.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075432.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075433.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075435.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075436.html

Affected packages:
gzip

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0667
