Date: Wed, 28 Jan 1998 16:11:33 -0500 (EST)
From: Erik Troan <ewt@redhat.com>
To: redhat-announce-list@redhat.com
Subject: SECURITY: new gzip now available


gzexe, part of the gzip package, uses files in /tmp which very predictable
names. This may allow users to destroy the contents of files on your system.
As most systtems do not use gzexe, we doubt this will be a problem.

However, Red Hat does recommend upgrading to new versions of the gzip package
to avoid any future problems.

Thanks to Michal Zalewski for finding this problem.

Red Hat 5.0
-------------

i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/gzip-1.2.4-10.i386.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/gzip-1.2.4-10.alpha.rpm

Red Hat 4.2
-------------

i386:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/gzip-1.2.4-7.i386.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/gzip-1.2.4-7.alpha.rpm

SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/gzip-1.2.4-7.sparc.rpm



-- 
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null