Lucene search

K
centosCentOS ProjectCESA-2006:0667-01
HistorySep 19, 2006 - 11:19 p.m.

gzip security update

2006-09-1923:19:38
CentOS Project
lists.centos.org
42

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.7%

CentOS Errata and Security Advisory CESA-2006:0667-01

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075434.html

Affected packages:
gzip

OSVersionArchitecturePackageVersionFilename
CentOS2i386gzip< 1.3-19.rhel2gzip-1.3-19.rhel2.i386.rpm

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.7%

Related for CESA-2006:0667-01