From support@caldera.com Fri Apr 3 14:05:47 1998
From: Caldera Support
To: Caldera Announce
Date: 3 Apr 1998 19:39:29 -0000
Reply-To: info@caldera.com
Subject: Caldera Security Advisory SA-1998.06: Minor vulnerability in gzip

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.06: Minor vulnerability in gzip
Advisory issue date: 03-Apr-1998
Topic: Minor vulnerability in gzip

I. Problem Description

   The gzip utility can core dump on several fringe cases for which it
   does not check. This situation can be exploited to run arbitrary code
   encapsulated in the gzipped file. Although these vulnerabilities
   exist, they would be very difficult to exploit.

   This problem is different than the problem fixed in SA-1998.04.
   This fix contains the changes in SA-1998.04 and SA-1998.06.

II. Impact

   This problem is present in OpenLinux 1.2 and prior releases.

III. Solution

   Upgrade to the gzip-1.2.4-8 package.

   It can be found on Caldera's FTP site at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/004/RPMS

   The corresponding source code can be found at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/004/SRPMS

   The MD5 checksums (from the "md5sum" command) for these packages are:

      f063204dff5b6c573760095e69ec564e gzip-1.2.4-8.i386.rpm
      3f5b95c525116118a8eec88d88780e12 gzip-1.2.4-8.src.rpm

   Upgrade with this command:

      rpm -q gzip && rpm -U gzip-1.2.4-8.i386.rpm

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/tech-ref/security/

   This security fix closes Caldera's internal Problem Report 1806.

V. PGP Signature

   This message was signed with the PGP key for security@caldera.com.
   This key can be obtained from:

      ftp://ftp.caldera.com/pub/pgp-keys/

   Or on an OpenLinux CDROM under:

      /OpenLinux/pgp-keys/

$Id: SA-1998.06,v 1.3 1998/04/03 17:41:03 ron Exp ron $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNSUfeen+9R4958LpAQECjAP+OZ9EsDz3TKhhAZUXeMf9NvgwdeISnCyg
YKLu1UUqHVCG0tKEiN927wrCdSnwSmoL0ZfyJ/bU+StKS4OuOOZVWfTfeOZdxM5J
CAsjIXL4l4VDe91NEfmtRg4k9OrpUHHjP+Bz3ePd1JtM5SxgmsPHzTm5gfJ9Ut5c
wIAvd+iWacI=
=Ho7w
-----END PGP SIGNATURE-----
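
The check below is an added example, not part of Caldera's advisory: it compares downloaded packages against the MD5 list printed in section III and lets the advisory's upgrade command run only when they match. The function name check_sums and the download directory in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify downloaded gzip packages against the MD5 list
# in SA-1998.06 before upgrading. check_sums is a hypothetical helper.

# Checksums exactly as printed in section III of the advisory.
ADVISORY_SUMS='f063204dff5b6c573760095e69ec564e gzip-1.2.4-8.i386.rpm
3f5b95c525116118a8eec88d88780e12 gzip-1.2.4-8.src.rpm'

# check_sums DIR MANIFEST
# MANIFEST holds "md5 filename" lines. Prints one status line per entry.
# Returns 0 only if at least one listed file was found and every file
# found matches its listed checksum; returns 1 otherwise.
check_sums() {
    dir=$1; manifest=$2; checked=0; bad=0
    while read -r want name; do
        [ -n "$name" ] || continue
        file="$dir/$name"
        if [ ! -f "$file" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$manifest
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage (assumed download directory /tmp/gzip-update):
#   cd /tmp/gzip-update && check_sums . "$ADVISORY_SUMS" &&
#       rpm -q gzip && rpm -U gzip-1.2.4-8.i386.rpm
```

The comparison is only as trustworthy as the copy of the advisory the checksums were taken from, which is what the PGP signature in section V is for.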