In association with heise online

22 September 2006, 09:12

Multiple security vulnerabilities in compression tool gzip

Numerous Linux distributors and the developers of FreeBSD have released new packages of the open source (un)zip program gzip (GNU zip). The update fixes four vulnerabilities. Three of these are buffer overflows in the functions make_table in unlzh.c, build_tree in unpack.c and make_table in the LHA support. When a user unpacks a specially prepared archive, malicious code can be injected onto the computer and executed in that user's context. The fourth vulnerability is in the function huft_build during LZH processing; however, it merely causes the application to crash.

No official patch is available at present. Users should install the packages for their distribution as quickly as possible.
