Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: New bugs discovered!

From: dave.goldsmith () intelsat com
Date: Mon, 19 Nov 2001 14:07:44 -0500
Redhat Source RPM:
ftp://ftp.redhat.com/pub/redhat/redhat-7.2-en/os/i386/SRPMS/gzip-1.3-15.src.
rpm

Tar Ball:
http://www.netsw.org/system/tools/fileutils/compress/gzip/gzip-1.3.tar.gz

http://www.funet.fi/pub/gnu/alpha/gnu/gzip/

R/S,
Dave Goldsmith    


-----Original Message-----
From: Baba Bogdan [mailto:mayday () cad cj pcnet ro]
Sent: Tuesday, November 20, 2001 11:39 AM
To: vuln-dev
Subject: Re: New bugs discovered!




well if you tell me where can i find a version of gzip 1.3.x
because on ftp.gnu.org www.gzip.org the latest version is 1.2.4a.


      Baba Bogdan

On Mon, 19 Nov 2001, Bernhard Rosenkraenzer wrote:


On Sun, 18 Nov 2001, vuln-dev wrote:


GOBBLES security is happy to announce the discovery of 

multiple bugs in

/bin/gzip, which can be exploited remotely with a bit of 

creativity.

Attached is our advisory on the matter.


Current versions of gzip (1.3.x) are not vulnerable.

LLaP
bero

--
This message is provided to you under the terms outlined at
http://www.bero.org/terms.html





############################################################
This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged
information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended 
recipient, please contact the sender by reply email and 
destroy all copies of the original message.  Any views 
expressed in this message are those of the individual 
sender, except where the sender specifically states them 
to be the views of Intelsat, Ltd. and its subsidiaries.
############################################################
Previous By Date Next
Previous By Thread Next

Current thread: