Rapid7 Vulnerability & Exploit Database

RHSA-2010:0061: gzip security update


Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/29/2010
Created: 07/25/2018
Added: 01/29/2010
Modified: 07/04/2017

Description

The gzip package provides the GNU gzip data compression program.

An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially-crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001)

Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw.

Users of gzip should upgrade to this updated package, which contains a backported patch to correct this issue.

Solution(s)

  • redhat-upgrade-gzip
