Debian Security Advisory
DSA-100-1 gzip -- Potential buffer overflow
- Date Reported:
- 13 Jan 2002
- Affected Packages:
- gzip
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2001-1228.
- More information:
-
GOBBLES found a buffer overflow in gzip that occurs when compressing files with really long filenames. Even though GOBBLES claims to have developed an exploit to take advantage of this bug, it has been said by others that this problem is not likely to be exploitable as other security incidents.
Additionally, the Debian version of gzip from the stable release does not segfault, and hence does not directly inherit this problem. However, better be safe than sorry, so we have prepared an update for you.
Please make sure you are running an up-to-date version from stable/unstable/testing with at least version 1.2.4-33.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.dsc
- http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.dsc
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/gzip_1.2.4-33.1_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/gzip_1.2.4-33.1_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/gzip_1.2.4-33.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/gzip_1.2.4-33.1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/gzip_1.2.4-33.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/gzip_1.2.4-33.1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.