namazu-users-en

[Namazu-users-en] About gzip vulnerability

2006-09-20 17:45:37
Information on multiple gzip vulnerabilities was announced.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338

The above URLs report NULL pointer access, buffer overflow, and
an infinite loop in gzip. In particular, the buffer overflow allows stack
modification, so there is a possibility of any program execution.

Currently, there is no official patch or new version of
gzip. However, the FreeBSD Project released a patch to fix them.

http://security.freebsd.org/patches/SA-06:21/gzip.patch
http://security.FreeBSD.org/patches/SA-06:21/gzip.patch.asc (signature)

Also, many Linux distributors and many OS vendors have released fixed gzip
packages. So we, the Namazu Project, strongly recommend updating gzip
properly.
-- 
NOKUBI Takatsugu
E-mail: knok(_at_)daionet(_dot_)gr(_dot_)jp
        knok(_at_)namazu(_dot_)org / knok(_at_)debian(_dot_)org
