01-21-2010, 10:35 AM
Allan McRae

gzip-1.4-1

Upstream update. Fixes a CVE:

gzip -d could segfault and/or clobber the stack, possibly leading to
arbitrary code execution. This affects x86_64 but not 32-bit systems.
This fixes CVE-2010-0001.
For more details, see http://bugzilla.redhat.com/554418

gzip -d would fail with a CRC error for some valid inputs.
So far, the only valid input known to exhibit this failure was
compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In addition,
to trigger the failure, your memcpy implementation must copy in
the "reverse" order.


Signoff both,
Allan
 
01-21-2010, 11:22 AM
Ronald van Haren

gzip-1.4-1

On Thu, Jan 21, 2010 at 12:35 PM, Allan McRae <allan@archlinux.org> wrote:
> Upstream update. Fixes a CVE:
>
> gzip -d could segfault and/or clobber the stack, possibly leading to
> arbitrary code execution. This affects x86_64 but not 32-bit systems.
> This fixes CVE-2010-0001.
> For more details, see http://bugzilla.redhat.com/554418
>
> gzip -d would fail with a CRC error for some valid inputs.
> So far, the only valid input known to exhibit this failure was
> compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In addition,
> to trigger the failure, your memcpy implementation must copy in
> the "reverse" order.
>
>
> Signoff both,
> Allan
>

signoff x86_64

Ronald
 
01-23-2010, 05:06 PM
Eric Bélanger

gzip-1.4-1

On Thu, Jan 21, 2010 at 7:22 AM, Ronald van Haren <pressh@gmail.com> wrote:
> On Thu, Jan 21, 2010 at 12:35 PM, Allan McRae <allan@archlinux.org> wrote:
>> Upstream update. Fixes a CVE:
>>
>> gzip -d could segfault and/or clobber the stack, possibly leading to
>> arbitrary code execution. This affects x86_64 but not 32-bit systems.
>> This fixes CVE-2010-0001.
>> For more details, see http://bugzilla.redhat.com/554418
>>
>> gzip -d would fail with a CRC error for some valid inputs.
>> So far, the only valid input known to exhibit this failure was
>> compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In addition,
>> to trigger the failure, your memcpy implementation must copy in
>> the "reverse" order.
>>
>>
>> Signoff both,
>> Allan
>>
>
> signoff x86_64
>
> Ronald
>

signoff both
 
