From: Trustix Secure Linux Advisor <tsl@trustix.com>
To: tsl-announce@trustix.com
Subject: TSLSA-2002-0019 - gzip
Date: Fri, 18 Jan 2002 16:48:19 +0100
Cc: bugtraq@securityfocus.com, linsec@lists.seifried.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2002-0019

Package name:      gzip
Summary:           Buffer overflow
Date:              2002-01-17
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  From the gzip homepage:
  "gzip 1.2.4 may crash when an input file name is too long (over 1020
  characters). The buffer overflow may be exploited if gzip is run by a
  server such as an ftp server. Some ftp servers allow compression and
  decompression on the fly and are thus vulnerable."

Action:
  We recommend that all systems with this package installed are upgraded.

Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>

Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0019-gzip.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
6958f486136962e4eff87e8e7ed25870  ./1.5/SRPMS/gzip-1.2.4a-18tr.src.rpm
ac9998f2c41b86218988d945c0c2921a  ./1.5/RPMS/gzip-doc-1.2.4a-18tr.i586.rpm
46ff7a81657e3818edf36590c7ed39e8  ./1.5/RPMS/gzip-1.2.4a-18tr.i586.rpm
6958f486136962e4eff87e8e7ed25870  ./1.2/SRPMS/gzip-1.2.4a-18tr.src.rpm
7f18ccec53c9da456930d3ad47a48b29  ./1.2/RPMS/gzip-doc-1.2.4a-18tr.i586.rpm
c9cdc339c7377397ad6127b5c93d671b  ./1.2/RPMS/gzip-1.2.4a-18tr.i586.rpm
6958f486136962e4eff87e8e7ed25870  ./1.1/SRPMS/gzip-1.2.4a-18tr.src.rpm
bdd05316875d8c40045a157c1b3c25b7  ./1.1/RPMS/gzip-doc-1.2.4a-18tr.i586.rpm
3df222499e82ef9042671249a66b8f99  ./1.1/RPMS/gzip-1.2.4a-18tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8SCuVwRTcg4BxxS0RAjl9AKCIaZnjM7I0u5rZ1zCLxs/VT+rqTQCfVkUG
DqYEnzLmxfZnuOVM9OKd1zg=
=S0EU
-----END PGP SIGNATURE-----

_______________________________________________
tsl-announce mailing list
tsl-announce@trustix.org
http://www.trustix.org/mailman/listinfo.cgi/tsl-announce