Huffman codes

[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution

the following problems:

CVE-2009-2624

Thiemo Nagel discovered a missing input sanitation flaw in the way gzip
used to decompress data blocks for dynamic Huffman codes, which could
lead to the execution of arbitrary code when trying to decompress a
crafted archive. This issue is a reappearance of CVE-2006-4334 and only
affects the lenny version.

CVE-2010-0001

[ MDVSA-2010:020 ] gzip

 Problem Description:

 Multiple vulnerabilities have been found and corrected in gzip:
 
 A missing input sanitation flaw was found in the way gzip used to
 decompress data blocks for dynamic Huffman codes. A remote attacker
 could provide a specially-crafted gzip compressed data archive,
 which once opened by a local, unsuspecting user would lead to denial
 of service (gzip crash) or, potentially, to arbitrary code execution
 with the privileges of the user running gzip (CVE-2009-2624).
 


