Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2006-31
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 10 Oct 2006
Last revised: 10 Oct 2006

Package: gzip

Summary: Multiple vulnerabilities in gzip

More information:
    A compression utility designed to replace 'compress'. Much better
    compression and freedom from patented algorithms are its main
    advantages over compress. Gzip decompresses files created by gzip,
    compress, or pack; it detects the input format automatically.

    Multiple vulnerabilities exist in gzip.

Impact:
    These vulnerabilities may allow attackers to execute arbitrary code via malformed gzip file.

Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server
    - Turbolinux 7 Server

<Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   gzip-1.3.3-9.src.rpm
       334184 9f1d4b73142db31052d56d075c12fd2b

   Binary Packages
   Size: MD5

   gzip-1.3.3-9.i586.rpm
        98105 f4e030bb7495e325f304ccef07f28670

<Turbolinux FUJI>

   Source Packages
   Size: MD5

   gzip-1.3.3-9.src.rpm
       334184 6b6c1427b2955a896dfd6d6dcfe71166

   Binary Packages
   Size: MD5

   gzip-1.3.3-9.i686.rpm
        99409 72ba906706023babc9223700efd3cc6b

<Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/gzip-1.3.3-9.src.rpm
       334184 7d41a8993397e60ff994aebae7f19552

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/gzip-1.3.3-9.x86_64.rpm
       102858 7c920b1ff58bda4750e7542fda934444

<Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   gzip-1.3.3-9.src.rpm
       334184 b7ac62064f4993fd7991c1dd590f9de4

   Binary Packages
   Size: MD5

   gzip-1.3.3-9.i586.rpm
        96765 4f8feb7de4a84f0a642ee526b3e3193b

<Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   gzip-1.3.3-9.src.rpm
       334184 e97fa93f8116b01ed1548e9a0ff20138

   Binary Packages
   Size: MD5

   gzip-1.3.3-9.i586.rpm
        96657 a251b67d83fcd218de84f4a2ba53751b

<Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/gzip-1.3.3-9.src.rpm
       334184 9f1d4b73142db31052d56d075c12fd2b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/gzip-1.3.3-9.i586.rpm
        98105 f4e030bb7495e325f304ccef07f28670

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/gzip-1.3.3-9.src.rpm
       334184 ce9ce77bd33ffda84114d49955677469

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/gzip-1.3.3-9.i586.rpm
        98404 4b7e8692486194c87c7bed6826d6b2a6

<Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/gzip-1.3.3-9.src.rpm
       334184 4995dd8dc528fe48e3a529f10ddc92f0

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/gzip-1.3.3-9.i586.rpm
        96925 ef4c34705b2a14abcd997fe2a8bfac64

<Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/gzip-1.3.3-9.src.rpm
       334184 e3f94676e429746f655cba9d169b86a9

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/gzip-1.3.3-9.i586.rpm
        95983 a325267a98b73ae5ec94b8895017ba89

CVE
   [CVE-2006-4334]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
   [CVE-2006-4335]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
   [CVE-2006-4336]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
   [CVE-2006-4337]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
   [CVE-2006-4338]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338

--------------------------------------------------------------------------
Revision History
    10 Oct 2006 Initial release
--------------------------------------------------------------------------

Copyright(C) 2006 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFFK51zK0LzjOqIJMwRAuTIAKCSMyrFJ0XzHojCy3uWQzmD91sw5gCfdlbd
m4gqR73md2UGwVlWYW9ll7Q=
=Rmi1
-----END PGP SIGNATURE-----