|
|
Family: Debian Local Security Checks --> Category: infos
[DSA100] DSA-100-1 gzip Vulnerability Scan
Vulnerability Scan Summary
DSA-100-1 gzip
Detailed Explanation for this Vulnerability Test
GOBBLES found a buffer overflow in gzip that occurs when compressing
files with really long filenames. Even though GOBBLES claims to have
developed an exploit to take advantage of this bug, it has been said
by others that this problem is not likely to be exploitable as other
security incidents.
Additionally, the Debian version of gzip from the stable release does
not segfault, and hence does not directly inherit this problem.
However, better be safe than sorry, so we have prepared an update for
you.
Please make sure you are running an up-to-date version from
stable/unstable/testing with at least version 1.2.4-33.
Solution : http://www.debian.org/security/2002/dsa-100
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
