OpenPKG Security Advisory
OpenPKG-SA-2006.020
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.020 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.020 Advisory Published: 2008-11-19 13:00 UTC Issue Id (internal): OpenPKG-SI-20060920.01 Issue First Created: 2006-09-20 Issue Last Modified: 2006-12-07 Issue Revision: 08
Subject Name: gzip Subject Summary: De-/Compression with GZIP Algorithm Subject Home: http://www.gzip.org/ Subject Versions: * <= 1.3.5 Vulnerability Id: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: denial of service, arbitrary code execution Description: Tavis Ormandy of the Google Security Team discovered several vulnerabilities in the compression tool GZIP [1]. The problems are a NULL dereference, an out-of-bound (OOB) write, a buffer underflow, a buffer overflow and an infinite loop. References: [1] http://www.gzip.org/
Primary Package Name: gzip Primary Package Home: http://openpkg.org/go/package/gzip Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 2.5-SOLID gzip-1.3.5-2.5.0 OpenPKG Community 2-STABLE gzip-1.3.5-2.20060622 OpenPKG Community CURRENT gzip-1.3.5-20050724 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2.5-SOLID gzip-1.3.5-2.5.1 OpenPKG Community 2-STABLE gzip-1.3.5-2.20060920 OpenPKG Community CURRENT gzip-1.3.5-20060920
