Multiple issues in gzip
ID: RHSA-2006:0667-01
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux
Date: Tue, 19 September 2006, 16:36
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
Applications: gzip
Original message
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gzip security update
Advisory ID:       RHSA-2006:0667-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0667.html
Issue date:        2006-09-19
Updated on:        2006-09-19
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4334 CVE-2006-4335 CVE-2006-4336
                   CVE-2006-4337 CVE-2006-4338
---------------------------------------------------------------------

1. Summary:

Updated gzip packages that fix several security issues are now available for Red Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

204676 - CVE-2006-4334 gzip multiple issues (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338)

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is
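
Added example, not part of the Red Hat advisory: a fleet check that classifies installed gzip builds against the fixed builds named in RHSA-2006:0667-01 (gzip-1.3-19.rhel2, gzip-1.3.3-13.rhel3, gzip-1.3.3-16.rhel4). It assumes each host reports `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' gzip`; the host names and older builds in the sample inventory are constructed, and the comparison is a simplified rpmvercmp without `~` or `^` handling.

```python
import re

# Fixed builds from the advisory's package list, keyed by the dist tag.
FIXED = {"rhel2": ("1.3", "19.rhel2"),
         "rhel3": ("1.3.3", "13.rhel3"),
         "rhel4": ("1.3.3", "16.rhel4")}

def rpmvercmp(a, b):
    """Simplified rpm version compare: returns -1, 0 or 1."""
    # rpm compares maximal runs of digits or letters; separators are ignored.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def status(nvr):
    """Classify one NAME-VERSION-RELEASE string against the fixed builds."""
    parts = nvr.strip().rsplit("-", 2)
    if len(parts) != 3 or parts[0] != "gzip":
        return "not-gzip"
    _, version, release = parts
    dist = re.search(r"rhel\d+", release)
    if not dist or dist.group() not in FIXED:
        return "unknown-release"  # not covered by this advisory; check by hand
    fixed_version, fixed_release = FIXED[dist.group()]
    # Version decides first; release only breaks a tie.
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if cmp >= 0 else "needs-update"

def audit(inventory):
    """Map each host to the status of its reported gzip build."""
    return {host: status(nvr) for host, nvr in inventory.items()}

# Constructed sample inventory (hypothetical hosts and pre-fix builds).
SAMPLE = {"host-a": "gzip-1.3-18.rhel2",
          "host-b": "gzip-1.3.3-13.rhel3",
          "host-c": "gzip-1.3.3-15.rhel4",
          "host-d": "gzip-1.3.3-16.rhel4",
          "host-e": "gzip-1.3.5-9.el5"}

if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE).items()):
        print(host, result)
```

Hosts reported as `unknown-release` run a build outside the releases listed in the advisory and need a manual check against that distribution's own errata.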