Mandrake Linux Security Advisory : gzip (MDKSA-2006:167)
High Nessus Plugin ID 24553
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionNULL Dereference (CVE-2006-4334)
A stack modification vulnerability (where a stack buffer can be modified out of bounds, but not in the traditional stack overrun sense) exists in the LZH decompression support of gzip.
A .bss buffer underflow exists in gzip's pack support, where a loop from build_tree() does not enforce any lower bound while constructing the prefix table. (CVE-2006-4336)
A .bss buffer overflow vulnerability exists in gzip's LZH support, due to it's inability to handle exceptional input in the make_table() function, a pathological decoding table can be constructed in such a way as to generate counts so high that the rapid growth of `nextcode` exceeds the size of the table buffer. (CVE-2006-4337)
A possible infinite loop exists in code from unlzh.c for traversing the branches of a tree structure. This makes it possible to disrupt the operation of automated systems relying on gzip for data decompression, resulting in a minor DoS. (CVE-2006-4338) Updated packages have been patched to address these issues.
SolutionUpdate the affected gzip package.