Date: Wed, 28 Jan 1998 16:11:33 -0500 (EST) From: Erik Troan <ewt@redhat.com> To: redhat-announce-list@redhat.com Subject: SECURITY: new gzip now available gzexe, part of the gzip package, uses files in /tmp which very predictable names. This may allow users to destroy the contents of files on your system. As most systtems do not use gzexe, we doubt this will be a problem. However, Red Hat does recommend upgrading to new versions of the gzip package to avoid any future problems. Thanks to Michal Zalewski for finding this problem. Red Hat 5.0 ------------- i386: rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/gzip-1.2.4-10.i386.rpm alpha: rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/gzip-1.2.4-10.alpha.rpm Red Hat 4.2 ------------- i386: rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/gzip-1.2.4-7.i386.rpm alpha: rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/gzip-1.2.4-7.alpha.rpm SPARC: rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/gzip-1.2.4-7.sparc.rpm -- To unsubscribe: mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null