Mandriva Linux Security Advisory : ncompress (MDVSA-2011:152)
Medium Nessus Plugin ID 56530
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability has been found and corrected in ncompress :
An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. A remote attacker could provide a specially crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip (CVE-2010-0001).
The updated packages have been upgraded to the 220.127.116.11 version which is not vulnerable to this issue.
SolutionUpdate the affected ncompress package.