__________________________________________________________________________

                    The U.S. Department of Energy
                Computer Incident Advisory Capability
__________________________________________________________________________

                          INFORMATION BULLETIN

                          Gzip Security Update
                          [RHSA-2006:0667-3]

September 19, 2006 18:00 GMT                                  Number Q-319
                                                      [REVISED 31 Oct 2006]
                                                      [REVISED 9 Jan 2007]
__________________________________________________________________________

PROBLEM:       Several code execution flaws in the way gzip expanded
               archive files.

PLATFORM:      Red Hat Desktop (v. 3)
               Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS (v. 2.1)
               Red Hat Enterprise Linux AS (v. 3)
               Red Hat Enterprise Linux AS (v. 4)
               Red Hat Enterprise Linux ES (v. 2.1)
               Red Hat Enterprise Linux ES (v. 3)
               Red Hat Enterprise Linux ES (v. 4)
               Red Hat Enterprise Linux WS (v. 2.1)
               Red Hat Enterprise Linux WS (v. 3)
               Red Hat Enterprise Linux WS (v. 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium
               Processor
               HP Tru64 UNIX running gzip
               Solaris 8, 9, 10 Operating System
               HP-UX B.11.11 and B.11.23 running Software Distributor (SD)

DAMAGE:        If a victim expanded a specially crafted archive, it could
               cause the gzip executable to crash or execute arbitrary
               code.

SOLUTION:      Apply current patches.
__________________________________________________________________________

VULNERABILITY  The risk is LOW. An attacker could execute arbitrary code.
ASSESSMENT:
__________________________________________________________________________

LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-319.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0667.html
 ADDITIONAL LINKS:
   Visit Hewlett-Packard Subscription Service for:
     HPSBTU02168 SSRT061237 rev. 1
   Sun Alert ID: 102766
     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2006-4334
                     CVE-2006-4335
                     CVE-2006-4336
                     CVE-2006-4337
                     CVE-2006-4338
__________________________________________________________________________

REVISION HISTORY:
  10/31/2006 - revised to add a link to Hewlett-Packard HPSBTU02168
               SSRT061237 rev. 1 for HP Tru64 UNIX running gzip.
  01/09/2007 - revised to add a link to Sun Alert ID: 102766 for
               Solaris 8, 9, 10 Operating System.

[***** Start RHSA-2006:0667-3 *****]

Moderate: gzip security update

Advisory:         RHSA-2006:0667-3
Type:             Security Advisory
Issued on:        2006-09-19
Last updated on:  2006-09-19

Affected Products:
  Red Hat Desktop (v. 3)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 2.1)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 2.1)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 2.1)
  Red Hat Enterprise Linux WS (v. 3)
  Red Hat Enterprise Linux WS (v. 4)
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

CVEs (cve.mitre.org):
  CVE-2006-4334
  CVE-2006-4335
  CVE-2006-4336
  CVE-2006-4337
  CVE-2006-4338

Details

Updated gzip packages that fix several security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files.
If a victim expanded a specially crafted archive, it could cause the gzip
executable to crash or execute arbitrary code. (CVE-2006-4335,
CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

  up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
  SRPMS:   gzip-1.3.3-13.rhel3.src.rpm     6bf7ab261a159f83cfe587e77314e95c
  IA-32:   gzip-1.3.3-13.rhel3.i386.rpm    842a7c1efcb3ad77701b64413e54408b
  x86_64:  gzip-1.3.3-13.rhel3.x86_64.rpm  565eecd82fbe55386cdf228fccdfaecc

Red Hat Desktop (v. 4)
  SRPMS:   gzip-1.3.3-16.rhel4.src.rpm     5648a7b9c26a7cf20f98dc7ec35babf5
  IA-32:   gzip-1.3.3-16.rhel4.i386.rpm    49ccf9c31fa89e32612e6842e56725a8
  x86_64:  gzip-1.3.3-16.rhel4.x86_64.rpm  f6ef264363bd174e77b0676cb4bea479

Red Hat Enterprise Linux AS (v. 2.1)
  SRPMS:   gzip-1.3-19.rhel2.src.rpm       ad45a2b7d359191e2d09ea99576e2dc7
  IA-32:   gzip-1.3-19.rhel2.i386.rpm      74ea72195027b0a56065882957ae6aed
  IA-64:   gzip-1.3-19.rhel2.ia64.rpm      221b875805ccab0bbaa150664a26ce50

Red Hat Enterprise Linux AS (v. 3)
  SRPMS:   gzip-1.3.3-13.rhel3.src.rpm     6bf7ab261a159f83cfe587e77314e95c
  IA-32:   gzip-1.3.3-13.rhel3.i386.rpm    842a7c1efcb3ad77701b64413e54408b
  IA-64:   gzip-1.3.3-13.rhel3.ia64.rpm    f8d04b7ae735d4e84213bf0bfdfcc7b4
  PPC:     gzip-1.3.3-13.rhel3.ppc.rpm     391f0bf7e9fdea0f44c31518603a35a2
  s390:    gzip-1.3.3-13.rhel3.s390.rpm    836385ed074828038b67360c5b019c07
  s390x:   gzip-1.3.3-13.rhel3.s390x.rpm   b1a0e78bc41851a871649871ad3fa3e7
  x86_64:  gzip-1.3.3-13.rhel3.x86_64.rpm  565eecd82fbe55386cdf228fccdfaecc

Red Hat Enterprise Linux AS (v. 4)
  SRPMS:   gzip-1.3.3-16.rhel4.src.rpm     5648a7b9c26a7cf20f98dc7ec35babf5
  IA-32:   gzip-1.3.3-16.rhel4.i386.rpm    49ccf9c31fa89e32612e6842e56725a8
  IA-64:   gzip-1.3.3-16.rhel4.ia64.rpm    85f98bebe3367e17b608317cb3241f27
  PPC:     gzip-1.3.3-16.rhel4.ppc.rpm     06e9cdaacd44994bf34c2e701676f154
  s390:    gzip-1.3.3-16.rhel4.s390.rpm    821f36266c7b91cf4b8dc9ec50280c76
  s390x:   gzip-1.3.3-16.rhel4.s390x.rpm   364d5e60560ab8c6e47580da67cc1921
  x86_64:  gzip-1.3.3-16.rhel4.x86_64.rpm  f6ef264363bd174e77b0676cb4bea479

Red Hat Enterprise Linux ES (v. 2.1)
  SRPMS:   gzip-1.3-19.rhel2.src.rpm       ad45a2b7d359191e2d09ea99576e2dc7
  IA-32:   gzip-1.3-19.rhel2.i386.rpm      74ea72195027b0a56065882957ae6aed

Red Hat Enterprise Linux ES (v. 3)
  SRPMS:   gzip-1.3.3-13.rhel3.src.rpm     6bf7ab261a159f83cfe587e77314e95c
  IA-32:   gzip-1.3.3-13.rhel3.i386.rpm    842a7c1efcb3ad77701b64413e54408b
  IA-64:   gzip-1.3.3-13.rhel3.ia64.rpm    f8d04b7ae735d4e84213bf0bfdfcc7b4
  x86_64:  gzip-1.3.3-13.rhel3.x86_64.rpm  565eecd82fbe55386cdf228fccdfaecc

Red Hat Enterprise Linux ES (v. 4)
  SRPMS:   gzip-1.3.3-16.rhel4.src.rpm     5648a7b9c26a7cf20f98dc7ec35babf5
  IA-32:   gzip-1.3.3-16.rhel4.i386.rpm    49ccf9c31fa89e32612e6842e56725a8
  IA-64:   gzip-1.3.3-16.rhel4.ia64.rpm    85f98bebe3367e17b608317cb3241f27
  x86_64:  gzip-1.3.3-16.rhel4.x86_64.rpm  f6ef264363bd174e77b0676cb4bea479

Red Hat Enterprise Linux WS (v. 2.1)
  SRPMS:   gzip-1.3-19.rhel2.src.rpm       ad45a2b7d359191e2d09ea99576e2dc7
  IA-32:   gzip-1.3-19.rhel2.i386.rpm      74ea72195027b0a56065882957ae6aed

Red Hat Enterprise Linux WS (v. 3)
  SRPMS:   gzip-1.3.3-13.rhel3.src.rpm     6bf7ab261a159f83cfe587e77314e95c
  IA-32:   gzip-1.3.3-13.rhel3.i386.rpm    842a7c1efcb3ad77701b64413e54408b
  IA-64:   gzip-1.3.3-13.rhel3.ia64.rpm    f8d04b7ae735d4e84213bf0bfdfcc7b4
  x86_64:  gzip-1.3.3-13.rhel3.x86_64.rpm  565eecd82fbe55386cdf228fccdfaecc

Red Hat Enterprise Linux WS (v. 4)
  SRPMS:   gzip-1.3.3-16.rhel4.src.rpm     5648a7b9c26a7cf20f98dc7ec35babf5
  IA-32:   gzip-1.3.3-16.rhel4.i386.rpm    49ccf9c31fa89e32612e6842e56725a8
  IA-64:   gzip-1.3.3-16.rhel4.ia64.rpm    85f98bebe3367e17b608317cb3241f27
  x86_64:  gzip-1.3.3-16.rhel4.x86_64.rpm  f6ef264363bd174e77b0676cb4bea479

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  SRPMS:   gzip-1.3-19.rhel2.src.rpm       ad45a2b7d359191e2d09ea99576e2dc7
  IA-64:   gzip-1.3-19.rhel2.ia64.rpm      221b875805ccab0bbaa150664a26ce50

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

  204676 - CVE-2006-4334 gzip multiple issues (CVE-2006-4335,
           CVE-2006-4336, CVE-2006-4337, CVE-2006-4338)

References

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  http://www.redhat.com/security/updates/classification/#moderate

[***** End RHSA-2006:0667-3 *****]
__________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
__________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health
(NIH). CIAC is located at the Lawrence Livermore National Laboratory in
Livermore, California. CIAC is also a founding member of FIRST, the Forum
of Incident Response and Security Teams, a global organization established
to foster cooperation and coordination among computer security teams
worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH.
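As an added example, not part of the CIAC or Red Hat bulletin: a small Python check that a defender can use to confirm the gzip build reported by `rpm -q gzip` is at or above the fixed version-release listed in the RHSA for that product line, using rpm's segment-wise version ordering, and to verify a downloaded package against the advisory's MD5 sum before installing it. The fixed builds and sums are copied from the RHSA above; the dist keys (rhel2, rhel3, rhel4) and the function names are labels chosen here, and the sample `rpm -q` outputs are constructed.

```python
import hashlib
import re

# Fixed gzip builds from RHSA-2006:0667-3 (version-release; gzip has no epoch).
# The keys are labels chosen here, not Red Hat identifiers.
FIXED_GZIP = {
    "rhel2": "1.3-19.rhel2",    # RHEL 2.1 and Advanced Workstation 2.1
    "rhel3": "1.3.3-13.rhel3",  # RHEL 3 and Red Hat Desktop 3
    "rhel4": "1.3.3-16.rhel4",  # RHEL 4 and Red Hat Desktop 4
}

# MD5 sums for the i386 binaries, copied from the advisory's package list.
ADVISORY_MD5 = {
    "gzip-1.3-19.rhel2.i386.rpm": "74ea72195027b0a56065882957ae6aed",
    "gzip-1.3.3-13.rhel3.i386.rpm": "842a7c1efcb3ad77701b64413e54408b",
    "gzip-1.3.3-16.rhel4.i386.rpm": "49ccf9c31fa89e32612e6842e56725a8",
}

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Order two version or release labels the way rpm does: split into
    numeric and alphabetic segments, compare numbers numerically and
    letters lexically, rank a numeric segment above an alphabetic one,
    and treat the label with more segments as newer. Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def gzip_is_fixed(rpm_q_output, dist):
    """rpm_q_output is one line of `rpm -q gzip`, e.g. 'gzip-1.3.3-12.rhel3'."""
    _name, version, release = rpm_q_output.strip().rsplit("-", 2)
    fixed_version, fixed_release = FIXED_GZIP[dist].split("-", 1)
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0


def md5_matches_advisory(filename, data):
    """Compare the bytes of a downloaded package with the sum the advisory lists."""
    expected = ADVISORY_MD5.get(filename)
    return expected is not None and hashlib.md5(data).hexdigest() == expected
```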
CIAC can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide organization.
A list of FIRST member organizations and their constituencies can be
obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for
the accuracy, completeness, or usefulness of any information, apparatus,
product, or process disclosed, or represents that its use would not
infringe privately owned rights. Reference herein to any specific
commercial products, process, or service by trade name, trademark,
manufacturer, or otherwise, does not necessarily constitute or imply its
endorsement, recommendation or favoring by the United States Government or
the University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-309: TikiWiki
Q-310: Vulnerability in Microsoft Publisher
Q-311: Vulnerability in Pragmatic General Multicast (PGM)
Q-312: Vulnerability in Indexing Service
Q-313: Flash-Plugin Security Update
Q-314: QuickTime 7.1.3
Q-315: isakmpd - Programming Error
Q-316: HP OpenView Operations
Q-317: Firefox Security Update
Q-318: Usermin Programming Error