Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

gzip-1.3.5-1tr RPM for i586

From Trustix 2.2 for i586

Name: gzip Distribution: Trustix Secure Linux
Version: 1.3.5 Vendor: Comodo Trustix
Release: 1tr Build date: Thu Sep 21 13:53:33 2006
Group: Trustix Official Build host: ttrmgtnived.comodo.net
Size: 77805 Source RPM: gzip-1.3.5-1tr.src.rpm
Packager: Comodo Trustix <http://www.trustix.com>
Summary: The GNU data compression program.
The gzip package contains the popular GNU gzip data compression
program.  Gzipped files have a .gz extension.

Gzip should be installed on your Trustix Secure Linux system, because it is a
very commonly used data compression program.

Provides

Requires

License

GPL

Changelog

* Thu Sep 21 2006 Nived Gopalan <nived at trustix dot org> 1.3.5-1tr
  - SECURITY Fix: Tavis Ormandy, Google Security Team,  has reported some
    vulnerabilities in gzip, which can be exploited by malicious people
    to cause a DoS and potentially compromise a vulnerable system.
  - Fix null pointer dereference that may lead to denial of service if
    gzip is used in an automated manner.
  - A boundary error within the "make_table()" function in unlzh.c can be
    used to modify certain stack data. This can be exploited to cause a DoS
    and potentially allows to execute arbitrary code.
  - A buffer underflow exists within the "build_tree()" function in
    unpack.c, which can be exploited to cause a DoS and potentially allows
    to execute arbitrary code.
  - A buffer overflow within the "make_table()" function of gzip's LZH
    support can be exploited to cause a DoS and potentially to compromise
    a vulnerable system by e.g. tricking a user or automated system into
    unpacking an archive containing a specially crafted decoding table.
  - unlzh.c in the LHZ component in gzip allows context-dependent attackers
    to cause a denial of service (infinite loop) via a crafted GZIP archive.
  
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2006-4334, CVE-2006-4335, CVE-2006-4336,
    CVE-2006-4337 and CVE-2006-4338 to these issues.
* Fri May 20 2005 Syed Shabir Zakiullah <syedshabir at comodo dot com> 1.3.3-8tr
  - Fix Multiple vulnerabilities: The zgrep utility improperly
    sanitizes arguments, which may come from an untrusted source
    (CAN-2005-0758).
* Thu May 05 2005 Ajith Thampi <ajith at comodo dot com> 1.3.3-6tr
  - Ulf Härnhammar <metaur@telia.com> has discovered a vulnerability in
    gunzip that allows a malicious zip file to extract to an arbitrary
    directory of the attackers choice when gunzip is used with the -N
    option.(CAN-2005-1228)
  - A race condition error in the file permission restore code, which may 
    be exploited by a malicious local user, with write permissions, to gain 
    read or write access to files of other users.(CAN-2005-0988)
* Fri Dec 03 2004 Syed Shabir <syedshabir at comodo dot com>
  - Fix man page bug BugZilla Id: 17
* Tue Nov 09 2004 Erlend Midttun <erlendbm at trustix dot org> 1.3.3-4tr
  - Now own /usr/share/html/gzip
* Mon Nov 01 2004 Oystein Viggen <oysteivi at trustix dot com> 1.3.3-3tr
  - Patch tempfile issues (Patch taken from Openwall GNU/*/Linux)
* Thu Sep 23 2004 Syed Shabir <syedshabir at comodo dot com> 1.3.3-2tr
  - New upstream
* Mon Dec 01 2003 Erlend Midttun <erlendbm at trustix dot org> 1.2.4a-26tr
  - Big rebuild
* Mon Oct 20 2003 Michael Scheffler <duke at tawie dot org> 1.2.4a-25ms
  - Added 64bit file support
* Mon Jun 23 2003 Erlend Midttun <erlendbm at trustix dot com> 1.2.4a-24tr
  - Added %defattr.
* Wed Jun 18 2003 Erlend Midttun <erlendbm at trustix dot com> 1.2.4a-23tr
  - Big rebuild
* Tue Mar 25 2003 Erlend Midttun <erlendbm at trustix dot com> 1.2.4a-22em
  - Fix typo.
* Mon Mar 24 2003 Erlend Midttun <erlendbm at trustix dot com> 1.2.4a-21em
  - Rebuilt against glibc 2.3.2.
* Thu Oct 24 2002 Christian H. Toldnes <christht at trustix dot com> 1.2.4a-20ct
  - Replaced info stuff with htmlinfo
* Wed Jul 24 2002 Daniel Meyer <eagle at trustix dot org> 1.2.4a-19dm
  - rebuild for Trustix Secure Linux 2.0
* Tue Jan 15 2002 Hans Almåsbakk <hansa at trustix dot com>
  - Applied patch that fixes a potential buffer overflow on too long input 
    filename.
* Mon Feb 28 2000 Lars Gaarden <larsg at trustix dot com>
  - put the documentation in a separate package
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
  - auto rebuild in the new build environment (release 14)
* Thu Dec 17 1998 Cristian Gafton <gafton@redhat.com>
  - built against gliibc 2.1
* Thu May 07 1998 Prospector System <bugs@redhat.com>
  - translations modified for de, fr, tr
* Thu Apr 09 1998 Cristian Gafton <gafton@redhat.com>
  - added /usr/bin/gzip and /usr/bin/gunzip symlinks as some programs are too
    brain dead to figure out they should be at least trying to use $PATH
  - added BuildRoot
* Wed Jan 28 1998 Erik Troan <ewt@redhat.com>
  - fix /tmp races
* Sun Sep 14 1997 Erik Troan <ewt@redhat.com>
  - uses install-info
  - applied patch for gzexe
* Mon Jun 02 1997 Erik Troan <ewt@redhat.com>
  - built against glibc
* Tue Apr 22 1997 Marc Ewing <marc@redhat.com>
  - (Entry added for Marc by Erik) fixed gzexe to use /bin/gzip

Files

/bin/gunzip
/bin/gzip
/bin/zcat
/usr/bin/gunzip
/usr/bin/gzexe
/usr/bin/gzip
/usr/bin/zcmp
/usr/bin/zdiff
/usr/bin/zegrep
/usr/bin/zfgrep
/usr/bin/zforce
/usr/bin/zgrep
/usr/bin/zless
/usr/bin/zmore
/usr/bin/znew


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Sep 15 21:53:39 2014