Oval Definition: oval:com.redhat.rhsa:def:20060667
Revision Date: 2006-09-19
Version: 636
Title: RHSA-2006:0667: gzip security update (Moderate)
Description: The gzip package contains the GNU gzip data compression program.

  • Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338)

  • Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.

Family: unix
Class: patch
Status:
Reference(s): CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338, RHSA-2006:0667, RHSA-2006:0667-01
Platform(s): Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 3 is installed
      • AND gzip is earlier than 0:1.3.3-13.rhel3
      • AND gzip is signed with Red Hat master key
  • OR Package Information
      • Red Hat Enterprise Linux 4 is installed
      • AND gzip is earlier than 0:1.3.3-16.rhel4
      • AND gzip is signed with Red Hat master key

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 4 is installed
      • AND gzip is earlier than 0:1.3.3-16.rhel4
      • AND gzip is signed with Red Hat redhatrelease2 key