[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 752-1 [email protected] http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq -...

DSA-752-1 gzip - several

Bulletin has no description...

zlib inflate() routine vulnerable to buffer overflow

Overview A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate. Description There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate routine. If an attacker...

zlib: Buffer overflow

Background zlib is a widely used free and patent unencumbered data compression library. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed...

Debian DSA-740-1 : zlib - remote denial of service

An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. This problem does not affect the old stable distribution woody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

FreeBSD-SA-05:16.zlib

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:16.zlib Security Advisory The FreeBSD Project Topic: Buffer overflow in zlib Category: core Module: libz Announced: 2005-07-06 Credits: Tavis Ormandy Affects:...

FreeBSD-SA-05:14.bzip2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:14.bzip2 Security Advisory The FreeBSD Project Topic: bzip2 denial of service and permission race vulnerabilities Category: contrib Module: contribbzip2...

ClamAV antivirus Qantum compression DoS

Compression with small windows size causes anti virus to crash...

gzip security update

CentOS Errata and Security Advisory CESA-2005:357 An updated gzip package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. A bug was found in the way zgrep processes...

FreeBSD-SA-05:11.gzip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:11.gzip Security Advisory The FreeBSD Project Topic: gzip directory traversal and permission race vulnerabilities Category: contrib Module: gzip Announced:...

gzip: Multiple vulnerabilities

Background gzip GNU zip is a popular compression program. The included zgrep utility allows you to grep gzipped files in place. Description The gzip and gunzip programs are vulnerable to a race condition when setting file permissions CAN-2005-0988, as well as improper handling of filename...

CVE-2005-0851

CVE-2005-0851 affects the FileZilla FTP Server up to version 0.9.6. When using MODE Z (zlib compression), it can trigger a denial-of-service via certain file uploads or directory listings, causing an infinite loop. The vulnerability is associated with a NETWORK attack vector, with low complexity ...

DEBIAN-CVE-2004-1010

Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname...

[Full-Disclosure] WinHKI - BH File Directory Transversal

Application: WinHKI Vendors: http://www.webtoolmaster.com Versions: 1.4d Platforms: Windows Bug: BH File Directory Transversal Exploitation: Local extract file Date: 24 Dec 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website: http://theinsider.deep-ice.com 1 Introduction 2 Bu...

security flaw

Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname...

CVE-2004-0797

The error handling in the 1 inflate and 2 inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service application crash...

CVE-2004-0797

The error handling in the 1 inflate and 2 inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service application crash...

CVE-2004-0797

The error handling in the 1 inflate and 2 inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service application crash...

The zlib compression library is vulnerable to a denial-of-service condition

Overview Un-handled error conditions in the zlib compression library may allow an attacker to cause a denial-of-service condition. Description There is a vulnerability in the error handling mechanisms of the decompression functions in the zlib compression library. The decompression functions...

CVE-2004-0797

The error handling in the 1 inflate and 2 inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service application crash...