gzip-1.3.5 vulnerabilities
Ken Moffat
ken at kenmoffat.uklinux.net
Fri May 13 05:34:55 MDT 2005
On Thu, 12 May 2005, Matthew Burgess wrote:
> Folks,
>
> As we're on a bit of a security spree today, I've uploaded a patch to
> the patches repository that fixes the two security vulnerabilities in
> gzip that have been reported recently
> (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988 and
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228). For
> your convenience the same patch is also attached.
>
> Regards,
>
> Matt.
>
>
Thanks, Matt. But the first vulnerability is apparently only in 1.3.3
and earlier (unless CVE are mistaken). The patch applies, and doesn't
seem to deal with directory traversal, so I guess it's only
CAN-2005-1228 that we should be concerned about.
Ken
--
das eine Mal als Tragödie, das andere Mal als Farce
More information about the lfs-security
mailing list