RHSA-2010:0061 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: gzip security update

Type/Severity

Security Advisory: Moderate

Topic

An updated gzip package that fixes one security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The gzip package provides the GNU gzip data compression program.

An integer underflow flaw, leading to an array index error, was found in
the way gzip expanded archive files compressed with the Lempel-Ziv-Welch
(LZW) compression algorithm. If a victim expanded a specially-crafted
archive, it could cause gzip to crash or, potentially, execute arbitrary
code with the privileges of the user running gzip. This flaw only affects
64-bit systems. (CVE-2010-0001)

Red Hat would like to thank Aki Helin of the Oulu University Secure
Programming Group for responsibly reporting this flaw.

Users of gzip should upgrade to this updated package, which contains a
backported patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.4 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 554418 - CVE-2010-0001 gzip: (64 bit) Integer underflow by decompressing LZW format files

CVEs

CVE-2010-0001

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
gzip-1.3.5-11.el5_4.1.src.rpm	SHA-256: a1fe44d9e0a499c3e0066ddd11a7c4ddbd642b9edf466791043f924b090db988
x86_64
gzip-1.3.5-11.el5_4.1.x86_64.rpm	SHA-256: f180c08564caeaf3cc36b40d45a0ae28ce173b687bd78d0593ad731b6a988e98
ia64
gzip-1.3.5-11.el5_4.1.ia64.rpm	SHA-256: 4f69fce4d38d066bc3d7560c1d6ac4ee62c374d57126a903e822bdf74155ad24
i386
gzip-1.3.5-11.el5_4.1.i386.rpm	SHA-256: 695d3a42d813ba0ad8cb764446fd9c38a584d486463b5d9a36e36fb5a0dc1a54

Red Hat Enterprise Linux Server 4

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
x86_64
gzip-1.3.3-18.el4_8.1.x86_64.rpm	SHA-256: d92739bb43586966d01016b1c577946672be96c3b752a19fb306e0308766c21a
gzip-1.3.3-18.el4_8.1.x86_64.rpm	SHA-256: d92739bb43586966d01016b1c577946672be96c3b752a19fb306e0308766c21a
ia64
gzip-1.3.3-18.el4_8.1.ia64.rpm	SHA-256: b2363561d47371ab03d26ba69ba892a88e036f9e2e453933e35e83172f8aff86
gzip-1.3.3-18.el4_8.1.ia64.rpm	SHA-256: b2363561d47371ab03d26ba69ba892a88e036f9e2e453933e35e83172f8aff86
i386
gzip-1.3.3-18.el4_8.1.i386.rpm	SHA-256: f5c06ed66a473f94ca92f60f364ab93010d371af764cc0793ae758ebbd2ae95b
gzip-1.3.3-18.el4_8.1.i386.rpm	SHA-256: f5c06ed66a473f94ca92f60f364ab93010d371af764cc0793ae758ebbd2ae95b

Red Hat Enterprise Linux Server - Extended Update Support 4.8

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
x86_64
gzip-1.3.3-18.el4_8.1.x86_64.rpm	SHA-256: d92739bb43586966d01016b1c577946672be96c3b752a19fb306e0308766c21a
gzip-1.3.3-18.el4_8.1.x86_64.rpm	SHA-256: d92739bb43586966d01016b1c577946672be96c3b752a19fb306e0308766c21a
ia64
gzip-1.3.3-18.el4_8.1.ia64.rpm	SHA-256: b2363561d47371ab03d26ba69ba892a88e036f9e2e453933e35e83172f8aff86
gzip-1.3.3-18.el4_8.1.ia64.rpm	SHA-256: b2363561d47371ab03d26ba69ba892a88e036f9e2e453933e35e83172f8aff86
i386
gzip-1.3.3-18.el4_8.1.i386.rpm	SHA-256: f5c06ed66a473f94ca92f60f364ab93010d371af764cc0793ae758ebbd2ae95b
gzip-1.3.3-18.el4_8.1.i386.rpm	SHA-256: f5c06ed66a473f94ca92f60f364ab93010d371af764cc0793ae758ebbd2ae95b

Red Hat Enterprise Linux Workstation 5

SRPM
gzip-1.3.5-11.el5_4.1.src.rpm	SHA-256: a1fe44d9e0a499c3e0066ddd11a7c4ddbd642b9edf466791043f924b090db988
x86_64
gzip-1.3.5-11.el5_4.1.x86_64.rpm	SHA-256: f180c08564caeaf3cc36b40d45a0ae28ce173b687bd78d0593ad731b6a988e98
i386
gzip-1.3.5-11.el5_4.1.i386.rpm	SHA-256: 695d3a42d813ba0ad8cb764446fd9c38a584d486463b5d9a36e36fb5a0dc1a54

Red Hat Enterprise Linux Workstation 4

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
x86_64
gzip-1.3.3-18.el4_8.1.x86_64.rpm	SHA-256: d92739bb43586966d01016b1c577946672be96c3b752a19fb306e0308766c21a
ia64
gzip-1.3.3-18.el4_8.1.ia64.rpm	SHA-256: b2363561d47371ab03d26ba69ba892a88e036f9e2e453933e35e83172f8aff86
i386
gzip-1.3.3-18.el4_8.1.i386.rpm	SHA-256: f5c06ed66a473f94ca92f60f364ab93010d371af764cc0793ae758ebbd2ae95b

Red Hat Enterprise Linux Desktop 5

SRPM
gzip-1.3.5-11.el5_4.1.src.rpm	SHA-256: a1fe44d9e0a499c3e0066ddd11a7c4ddbd642b9edf466791043f924b090db988
x86_64
gzip-1.3.5-11.el5_4.1.x86_64.rpm	SHA-256: f180c08564caeaf3cc36b40d45a0ae28ce173b687bd78d0593ad731b6a988e98
i386
gzip-1.3.5-11.el5_4.1.i386.rpm	SHA-256: 695d3a42d813ba0ad8cb764446fd9c38a584d486463b5d9a36e36fb5a0dc1a54

Red Hat Enterprise Linux Desktop 4

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
x86_64
gzip-1.3.3-18.el4_8.1.x86_64.rpm	SHA-256: d92739bb43586966d01016b1c577946672be96c3b752a19fb306e0308766c21a
i386
gzip-1.3.3-18.el4_8.1.i386.rpm	SHA-256: f5c06ed66a473f94ca92f60f364ab93010d371af764cc0793ae758ebbd2ae95b

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gzip-1.3.5-11.el5_4.1.src.rpm	SHA-256: a1fe44d9e0a499c3e0066ddd11a7c4ddbd642b9edf466791043f924b090db988
s390x
gzip-1.3.5-11.el5_4.1.s390x.rpm	SHA-256: 8c9e84e58751eed16c08110cc01cabf81a81f14cc60a6fc55d9ecf0e9f5adb40

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
s390x
gzip-1.3.3-18.el4_8.1.s390x.rpm	SHA-256: ade77d16b1cb3f5e0586951090c42f4209951e0ee7438a6523d6d6b77b13fbdf
s390
gzip-1.3.3-18.el4_8.1.s390.rpm	SHA-256: f3dd03bfccf0ab7938ed75e1f439aa9832c4458c22304d5197a4252f446d0d80

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
s390x
gzip-1.3.3-18.el4_8.1.s390x.rpm	SHA-256: ade77d16b1cb3f5e0586951090c42f4209951e0ee7438a6523d6d6b77b13fbdf
s390
gzip-1.3.3-18.el4_8.1.s390.rpm	SHA-256: f3dd03bfccf0ab7938ed75e1f439aa9832c4458c22304d5197a4252f446d0d80

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gzip-1.3.5-11.el5_4.1.src.rpm	SHA-256: a1fe44d9e0a499c3e0066ddd11a7c4ddbd642b9edf466791043f924b090db988
ppc
gzip-1.3.5-11.el5_4.1.ppc.rpm	SHA-256: 74639e2ec5603d0d2990475813f660d2278eb23ac6f420b5d2865328f823da41

Red Hat Enterprise Linux for Power, big endian 4

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
ppc
gzip-1.3.3-18.el4_8.1.ppc.rpm	SHA-256: aef84d5895a5ff34bf345b6e0f4cf2f7f00fb4db320acd7992d3e55e0f451282

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
gzip-1.3.3-18.el4_8.1.src.rpm	SHA-256: a4f37f09a7833d1f98d152f50e5011b627d508ac5530a28cbb5d09ae15ac7b25
ppc
gzip-1.3.3-18.el4_8.1.ppc.rpm	SHA-256: aef84d5895a5ff34bf345b6e0f4cf2f7f00fb4db320acd7992d3e55e0f451282

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gzip-1.3.5-11.el5_4.1.src.rpm	SHA-256: a1fe44d9e0a499c3e0066ddd11a7c4ddbd642b9edf466791043f924b090db988
x86_64
gzip-1.3.5-11.el5_4.1.x86_64.rpm	SHA-256: f180c08564caeaf3cc36b40d45a0ae28ce173b687bd78d0593ad731b6a988e98
i386
gzip-1.3.5-11.el5_4.1.i386.rpm	SHA-256: 695d3a42d813ba0ad8cb764446fd9c38a584d486463b5d9a36e36fb5a0dc1a54

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.