[bug-gzip] 20091002 gzip-1.3.13 released [major]

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263

http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2

APPLE-SA-2010-11-10-1

SUSE-SA:2010:008

38132

38223

38232

http://support.apple.com/kb/HT4435

DSA-1974

MDVSA-2010:020

USN-889-1

ADV-2010-0185

https://bugzilla.redhat.com/show_bug.cgi?id=514711

The remote Solaris system is missing necessary patches to address security updates :

  - The huft_build function in inflate.c in gzip before     1.3.13 creates a hufts (aka huffman) table that is too     small, which allows remote attackers to cause a denial     of service (application crash or infinite loop) or     possibly execute arbitrary code via a crafted archive.
    NOTE: this issue is caused by a CVE-2006-4334     regression. (CVE-2009-2624)

The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010)

    Vulnerabilities have been discovered in the packages listed below.
      Please review the CVE identifiers in the Reference section for details.
      Insight       Perl Tk Module       Source-Navigator       Tk       Partimage       Mlmmj       acl       Xinit       gzip       ncompress       liblzw       splashutils       GNU M4       KDE Display Manager       GTK+       KGet       dvipng       Beanstalk       Policy Mount       pam_krb5       GNU gv       LFTP       Uzbl       Slim       Bitdefender Console       iputils       DVBStreamer   Impact :

    A context-dependent attacker may be able to gain escalated privileges,       execute arbitrary code, cause Denial of Service, obtain sensitive       information, or otherwise bypass security restrictions.
  Workaround :

    There are no known workarounds at this time.

Versions of Mac OS X 10.6 earlier than 10.6.5 are potentially affected by multiple vulnerabilities.  Mac OS X 10.6.5 contains security fixes for the following products :

  - AFP Server

  - Apache mod_perl

  - Apache

  - AppKit

  - ATS

  - CFNetwork

  - CoreGraphics

  - CoreText

  - CUPS

  - Directory Services

  - diskdev_cmds

Disk Images

  - Flash Player plug-in

  - gzip

  - Image Capture

  - ImageIO

  - Image RAW

  - Kernel

  - MySQL

  - neon

  - Networking

  - OpenLDAP

  - OpenSSL

  - Password Server

  - PHP

  - Printing

  - python

  - QuickLook

  - QuickTime

  - Safari RSS

  - Time Machine

  - Wiki Server

  - X11

  - xar

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. 

This security update contains fixes for the following products :

  - AFP Server
  - Apache mod_perl
  - ATS
  - CFNetwork
  - CoreGraphics
  - CoreText
  - CUPS
  - Directory Services
  - diskdev_cmds
  - Disk Images
  - Flash Player plug-in
  - gzip
  - ImageIO
  - Image RAW
  - MySQL
  - Password Server
  - PHP
  - Printing
  - python
  - QuickLook
  - Safari RSS
  - Wiki Server
  - X11

The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5.

Mac OS X 10.6.5 contains security fixes for the following products :

  - AFP Server
  - Apache mod_perl
  - Apache
  - AppKit
  - ATS
  - CFNetwork
  - CoreGraphics
  - CoreText
  - CUPS
  - Directory Services
  - diskdev_cmds
  - Disk Images
  - Flash Player plug-in
  - gzip
  - Image Capture
  - ImageIO
  - Image RAW
  - Kernel
  - MySQL
  - neon
  - Networking
  - OpenLDAP
  - OpenSSL
  - Password Server
  - PHP
  - Printing
  - python
  - QuickLook
  - QuickTime
  - Safari RSS
  - Time Machine
  - Wiki Server
  - X11
  - xar

This update fixes CVE-2009-2624 and CVE-2010-0001 vulnerabilities.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2009-2624     Thiemo Nagel discovered a missing input sanitation flaw     in the way gzip used to decompress data blocks for     dynamic Huffman codes, which could lead to the execution     of arbitrary code when trying to decompress a crafted     archive. This issue is a reappearance of CVE-2006-4334     and only affects the lenny version.

  - CVE-2010-0001     Aki Helin discovered an integer underflow when     decompressing files that are compressed using the LZW     algorithm. This could lead to the execution of arbitrary     code when trying to decompress a crafted LZW compressed     gzip archive.

The following bugs have been fixed :

  - Specially crafted gzip archives could lead to gzip     allocating a too small huffman table. Attackers could     exploit that to crash gzip (CVE-2009-2624). Specially     crafted gzip archives could trigger integer overflows.
    Attackers could exploit that to crash gzip or     potentially execute arbitrary code (CVE-2010-0001). Only     64bit architectures are affected by this flaw.

Specially crafted gzip archives could lead to gzip allocating a too small huffman table. Attackers could exploit that to crash gzip (CVE-2009-2624).

Specially crafted gzip archives could trigger integer overflows.
Attackers could exploit that to crash gzip or potentially execute arbitrary code (CVE-2010-0001). Only 64bit architectures are affected by this flaw.

It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2624)

Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel-Ziv-Welch (LZW) algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
(CVE-2010-0001).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities has been found and corrected in gzip :

A missing input sanitation flaw was found in the way gzip used to decompress data blocks for dynamic Huffman codes. A remote attacker could provide a specially crafted gzip compressed data archive, which once opened by a local, unsuspecting user would lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip (CVE-2009-2624).

An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

The updated packages have been patched to correct these issues.

ID	Name	Product	Family	Severity
80636	Oracle Solaris Third-Party Patch Update : gzip (cve_2009_2624_denial_of)	Nessus	Solaris Local Security Checks	medium
79961	GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010	Nessus	Gentoo Local Security Checks	critical
800791	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high
5705	Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
50549	Mac OS X Multiple Vulnerabilities (Security Update 2010-007)	Nessus	MacOS X Local Security Checks	high
50548	Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
47203	Fedora 11 : gzip-1.3.12-10.fc11 (2010-0964)	Nessus	Fedora Local Security Checks	medium
47201	Fedora 12 : gzip-1.3.12-14.fc12 (2010-0884)	Nessus	Fedora Local Security Checks	medium
44839	Debian DSA-1974-1 : gzip - several vulnerabilities	Nessus	Debian Local Security Checks	medium
44312	SuSE 11 Security Update : gzip (SAT Patch Number 1839)	Nessus	SuSE Local Security Checks	medium
44310	openSUSE Security Update : gzip (gzip-1838)	Nessus	SuSE Local Security Checks	medium
44308	openSUSE Security Update : gzip (gzip-1838)	Nessus	SuSE Local Security Checks	medium
44306	openSUSE Security Update : gzip (gzip-1838)	Nessus	SuSE Local Security Checks	medium
44107	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : gzip vulnerabilities (USN-889-1)	Nessus	Ubuntu Local Security Checks	medium
44101	Mandriva Linux Security Advisory : gzip (MDVSA-2010:020)	Nessus	Mandriva Local Security Checks	medium

CVE-2009-2624

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins