Issued:: 2006-09-19
Updated:: 2006-09-19

RHSA-2006:0667 - Security Advisory

Overview
Updated Packages

Synopsis

gzip security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gzip packages that fix several security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server 2 ia64
Red Hat Enterprise Linux Server 2 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Workstation 2 ia64
Red Hat Enterprise Linux Workstation 2 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 204676 - CVE-2006-4334 gzip multiple issues (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338)

CVEs

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
x86_64
gzip-1.3.3-16.rhel4.x86_64.rpm	SHA-256: ff183d3c930d1804699639a0f01c62168b6d49146f9635870363c60cbfd2b402
gzip-1.3.3-16.rhel4.x86_64.rpm	SHA-256: ff183d3c930d1804699639a0f01c62168b6d49146f9635870363c60cbfd2b402
ia64
gzip-1.3.3-16.rhel4.ia64.rpm	SHA-256: 2d4242ea98a72d9d30165a71f623cdef7fcffafa59198e0247628c62e315e5bf
gzip-1.3.3-16.rhel4.ia64.rpm	SHA-256: 2d4242ea98a72d9d30165a71f623cdef7fcffafa59198e0247628c62e315e5bf
i386
gzip-1.3.3-16.rhel4.i386.rpm	SHA-256: a36ff69c17f9d7bbe591d1e11c33f7c594f92d498a7f77727693a24c545123be
gzip-1.3.3-16.rhel4.i386.rpm	SHA-256: a36ff69c17f9d7bbe591d1e11c33f7c594f92d498a7f77727693a24c545123be

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
gzip-1.3.3-16.rhel4.x86_64.rpm	SHA-256: ff183d3c930d1804699639a0f01c62168b6d49146f9635870363c60cbfd2b402
ia64
gzip-1.3.3-16.rhel4.ia64.rpm	SHA-256: 2d4242ea98a72d9d30165a71f623cdef7fcffafa59198e0247628c62e315e5bf
i386
gzip-1.3.3-16.rhel4.i386.rpm	SHA-256: a36ff69c17f9d7bbe591d1e11c33f7c594f92d498a7f77727693a24c545123be

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
gzip-1.3.3-16.rhel4.x86_64.rpm	SHA-256: ff183d3c930d1804699639a0f01c62168b6d49146f9635870363c60cbfd2b402
i386
gzip-1.3.3-16.rhel4.i386.rpm	SHA-256: a36ff69c17f9d7bbe591d1e11c33f7c594f92d498a7f77727693a24c545123be

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
gzip-1.3.3-16.rhel4.s390x.rpm	SHA-256: e6ed8dfb1948a93a7448828e06a961209a8d5c5b3011030800cdcdbf762c2561
s390
gzip-1.3.3-16.rhel4.s390.rpm	SHA-256: 4d5c24c58368c215fc4e833e433d81c22917ea457050c3d3e420a5ed15755753

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
gzip-1.3.3-16.rhel4.ppc.rpm	SHA-256: 37c90b73e6af3927862ed7b988d2c7e8a8babc5a295e76e721570556d16e36d3

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation