| Descripción: | Description:
The remote host is missing an update to gzip
announced via advisory MDVSA-2010:020.
Multiple vulnerabilities has been found and corrected in gzip:
A missing input sanitation flaw was found in the way gzip used to
decompress data blocks for dynamic Huffman codes. A remote attacker
could provide a specially-crafted gzip compressed data archive,
which once opened by a local, unsuspecting user would lead to denial
of service (gzip crash) or, potentially, to arbitrary code execution
with the privileges of the user running gzip (CVE-2009-2624).
An integer underflow leading to array index error was found in the
way gzip used to decompress files / archives, compressed with the
Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could
provide a specially-crafted LZW compressed gzip archive, which once
decompressed by a local, unsuspecting user would lead to gzip crash,
or, potentially to arbitrary code execution with the privileges of
the user running gzip (CVE-2010-0001).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct these issues.
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:020
Risk factor : High
CVSS Score:
6.8
|
