Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1974-1:9AB49
HistoryJan 20, 2010 - 2:16 p.m.

[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution

2010-01-2014:16:48
lists.debian.org
14
JSON

Debian Security Advisory DSA-1974-1 [email protected]
http://www.debian.org/security/ Steffen Joeris
January 20, 2010 http://www.debian.org/security/faq

Package : gzip
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-2624 CVE-2010-0001
Debian Bug : 507263

Several vulnerabilities have been found in gzip, the GNU compression
utilities. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-2624

Thiemo Nagel discovered a missing input sanitation flaw in the way gzip
used to decompress data blocks for dynamic Huffman codes, which could
lead to the execution of arbitrary code when trying to decompress a
crafted archive. This issue is a reappearance of CVE-2006-4334 and only
affects the lenny version.

CVE-2010-0001

Aki Helin discovered an integer underflow when decompressing files that
are compressed using the LZW algorithm. This could lead to the execution
of arbitrary code when trying to decompress a crafted LZW compressed
gzip archive.

For the stable distribution (lenny), these problems have been fixed in
version 1.3.12-6+lenny1.

For the oldstable distribution (etch), these problems have been fixed in
version 1.3.5-15+etch1.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your gzip packages.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Debian (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1.dsc
Size/MD5 checksum: 573 4a4c81d72ed695f7e0b710fa7da00201
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1.diff.gz
Size/MD5 checksum: 62547 34c6cab73195a3b9e2b187636cf69dc2
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5.orig.tar.gz
Size/MD5 checksum: 331550 3d6c191dfd2bf307014b421c12dc8469

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_alpha.deb
Size/MD5 checksum: 84202 2677656b86d648a05b54ba0c03028eb1

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_amd64.deb
Size/MD5 checksum: 76988 86e571b7bf22e4924c5d7f82306ab064

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_arm.deb
Size/MD5 checksum: 79428 7e71e302f090a62f52b7f6f5d35b627b

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_hppa.deb
Size/MD5 checksum: 81616 02d1712f3f62de9f05810cd3a1660d77

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_i386.deb
Size/MD5 checksum: 74324 ac441b57b7423d65985acaef2e40df9f

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_ia64.deb
Size/MD5 checksum: 96216 89b544a5f93d7607e1608d7856fa70e8

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_mipsel.deb
Size/MD5 checksum: 82266 ff332d05f508dad0d3067dd713bee839

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_powerpc.deb
Size/MD5 checksum: 79722 1e117918ab793443c9da0af6f137e7a7

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_s390.deb
Size/MD5 checksum: 80602 4c5accebc99f8b263cef9500a94ae2ca

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_sparc.deb
Size/MD5 checksum: 77262 f440c798c3fe592896286047b643116d

Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1.diff.gz
Size/MD5 checksum: 14580 7dac4e2e855b89ec335605722da16bd0
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12.orig.tar.gz
Size/MD5 checksum: 462169 b5bac2d21840ae077e0217bc5e4845b1
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1.dsc
Size/MD5 checksum: 1024 40c1d638034b3c9be692af4057a9499c

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gzip/gzip-win32_1.3.12-6+lenny1_all.deb
Size/MD5 checksum: 68438 858f1373aa128793538f5e5f6e283e24

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_alpha.deb
Size/MD5 checksum: 112736 2afbb523626d0793acf7e1cb4be21938

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_amd64.deb
Size/MD5 checksum: 106024 68119c7d80f94457b2f241cb90bd3aee

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_arm.deb
Size/MD5 checksum: 108462 b8daebe8a54750428f6028612297e76b

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_armel.deb
Size/MD5 checksum: 106906 14e79925acc936699aaa8ccee0b6d04d

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_hppa.deb
Size/MD5 checksum: 111448 7e94ea327492912e21b360e45ab324d5

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_i386.deb
Size/MD5 checksum: 102866 4cef436339090cd800efb7e6bb92b14b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_ia64.deb
Size/MD5 checksum: 123250 c38a5a05f04fa731340c254028d240c3

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_mipsel.deb
Size/MD5 checksum: 109266 5e17c751ddc3a65085f005dddcf6426c

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_powerpc.deb
Size/MD5 checksum: 109502 3ae2e1dfc3b13d0ed4574103aca3904d

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_s390.deb
Size/MD5 checksum: 108896 e7b03509583f7cbed875359a2595a3a0

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_sparc.deb
Size/MD5 checksum: 106462 f166981469f7fd047ceabe5f26832638

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

Related

osv 2
openvas 53
nessus 40
ubuntucve 3
prion 2
debiancve 3
cve 3
fedora 2
ubuntu 2
veracode 2
cert 1
redhat 3
slackware 2
oraclelinux 2
securityvulns 8
altlinux 2
debian 3
centos 3
ibm 1
suse 2
freebsd_advisory 1
freebsd 1
gentoo 2
seebug 1
vmware 2
kitploit 1
osv
osv
gzip - arbitrary code execution
2010-01-20 00:00:00
gzip
2006-09-19 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1974-1)
2010-02-01 00:00:00
Debian Security Advisory DSA 1974-1 (gzip)
2010-02-01 00:00:00
Mandriva Update for gzip MDVSA-2010:020 (gzip)
2010-01-22 00:00:00
nessus
nessus
Debian DSA-1974-1 : gzip - several vulnerabilities
2010-02-24 00:00:00
Oracle Solaris Third-Party Patch Update : gzip (cve_2009_2624_denial_of)
2015-01-19 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : gzip vulnerabilities (USN-889-1)
2010-01-21 00:00:00
ubuntucve
ubuntucve
CVE-2009-2624
2010-01-20 00:00:00
CVE-2006-4334
2006-09-19 00:00:00
CVE-2010-0001
2010-01-20 00:00:00
prion
prion
Design/Logic Flaw
2010-01-29 18:30:00
Integer overflow
2010-01-29 18:30:00
debiancve
debiancve
CVE-2009-2624
2010-01-29 18:30:00
CVE-2006-4334
2006-09-19 21:07:00
CVE-2010-0001
2010-01-29 18:30:00
cve
cve
CVE-2009-2624
2010-01-29 18:30:00
CVE-2006-4334
2006-09-19 21:07:00
CVE-2010-0001
2010-01-29 18:30:00
fedora
fedora
[SECURITY] Fedora 11 Update: gzip-1.3.12-10.fc11
2010-02-01 01:04:06
[SECURITY] Fedora 12 Update: gzip-1.3.12-14.fc12
2010-02-01 01:03:15
ubuntu
ubuntu
gzip vulnerabilities
2010-01-20 00:00:00
gzip vulnerabilities
2006-09-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:15:00
Denial Of Service (DoS)
2020-04-10 00:39:43
cert
cert
gzip NULL dereference in huft_build()
2006-09-19 00:00:00
redhat
redhat
(RHSA-2010:0061) Moderate: gzip security update
2010-01-20 00:00:00
(RHSA-2006:0667) gzip security update
2006-09-19 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
slackware
slackware
[slackware-security] gzip
2010-03-02 03:33:10
[slackware-security] gzip
2006-09-19 21:15:29
oraclelinux
oraclelinux
gzip security update
2010-01-20 00:00:00
Moderate gzip security update
2006-11-30 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:019 ] gzip
2010-01-21 00:00:00
gzip integer overflow
2010-01-21 00:00:00
Multiple gzip security vulnerabilities
2007-03-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package gzip version 1.3.5-alt6
2010-01-13 00:00:00
Security fix for the ALT Linux 5 package gzip version 1.3.5-alt6
2010-01-13 00:00:00
debian
debian
[SECURITY] [DSA 2074-1] New ncompress packages fix execution of arbitrary code
2010-07-21 08:29:42
[SECURITY] [DSA 2074-1] New ncompress packages fix execution of arbitrary code
2010-07-21 08:29:42
[SECURITY] [DSA 1181-1] New gzip packages fix arbitrary code execution
2006-09-19 19:19:34
centos
centos
gzip security update
2010-01-20 17:49:37
gzip security update
2006-09-19 14:54:11
gzip security update
2006-09-19 23:19:38
ibm
ibm
Security Bulletin: IBM InfoSphere Change Data Capture is affected by Apache Commons Codec open source library vulnerabilities
2019-02-11 16:15:01
suse
suse
remote system compromise in gzip
2006-09-26 13:43:14
remote code execution in acroread
2010-01-26 16:40:23
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:21.gzip
2006-09-19 00:00:00
freebsd
freebsd
gzip -- multiple vulnerabilities
2006-09-19 00:00:00
gentoo
gentoo
gzip: Multiple vulnerabilities
2006-09-23 00:00:00
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00
seebug
seebug
Apple Mac OS X 2006-007ć­˜ćœšć€šäžȘćź‰ć…šæŒæŽž
2006-11-29 00:00:00
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
JSON
Related for DEBIAN:DSA-1974-1:9AB49
osv2openvas53nessus40ubuntucve3prion2debiancve3cve3fedora2ubuntu2veracode2cert1redhat3slackware2oraclelinux2securityvulns8altlinux2debian3centos3ibm1suse2freebsd_advisory1freebsd1gentoo2seebug1vmware2kitploit1