MDVSA-2010:020 -- Mandriva gzipID: oval:org.secpod.oval:def:300108 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in gzip: A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially-crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service or, potentially, to arbitrary code execution with the privileges of the user running gzip . An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip . Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |