Re: gzip security update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: "Ed Greshko" <Ed.Greshko@xxxxxxxxxxx>


jdow wrote:

Does anybody other than me think it is a little peculiar that there
was a listed update for gzip today that has an earlier version number
than the one from the second?

gzip-1.3.5-7.1.fc5.i386.rpm    October 2
gzip-1.3.5-7.fc5.i386.rpm      October 10

Did somebody screw up the version numbering?


Well, I've not updated my FC5 system recently.  So, I went to update it
today.  I had gzip-1.3.5-6.2.1 installed and it is being updated to
gzip-1.3.5-7.1.fc5.  So, I'm not sure what you are seeing or why.


I received this today. Please note the version of gzip it calls out.
The October2 patch was declared with a higher version than this security
patch. This raises questions about somebody possibly bolixing up the
version number on a patch we should have. (The files are VASTLY different
sizes.)

{^_^}
===8<---
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-989
2006-10-10
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : gzip
Version     : 1.3.5
Release     : 7.fc5
Summary     : The GNU data compression program.
Description :
The gzip package contains the popular GNU gzip data compression
program. Gzipped files have a .gz extension.

Gzip should be installed on your Red Hat Linux system, because it is a
very commonly used data compression program.

---------------------------------------------------------------------

* Wed Sep 20 2006 Ivana Varekova <varekova@xxxxxxxxxx> 1.3.5-7.fc5
- fix bug 204676 (patches by Tavis Ormandy)
 - cve-2006-4334 - null dereference problem
 - cve-2006-4335 - buffer overflow problem
 - cve-2006-4336 - buffer underflow problem
 - cve-2006-4338 - infinite loop problem
 - cve-2006-4337 - buffer overflow problem

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

058b352c889d357d2f369d8358643b16820c5e22  SRPMS/gzip-1.3.5-7.fc5.src.rpm
058b352c889d357d2f369d8358643b16820c5e22  noarch/gzip-1.3.5-7.fc5.src.rpm
a9679679039bf6a7646dc18ab267b87a905aee4d  ppc/debug/gzip-debuginfo-1.3.5-7.fc5.ppc.rpm
e9199ea8e46e2e3ead27eae3a1159f4fb47c8d1a  ppc/gzip-1.3.5-7.fc5.ppc.rpm
cc837290ccd3b1427d0121cc668fdf4e282e39f3 x86_64/debug/gzip-debuginfo-1.3.5-7.fc5.x86_64.rpm 
d7a7b184f5b98b58ea680fe49414b5b4f88b4ac4  x86_64/gzip-1.3.5-7.fc5.x86_64.rpm
a9450c087c726cb7dba45c97a2507706057a3d84  i386/debug/gzip-debuginfo-1.3.5-7.fc5.i386.rpm
7c1a6092d74f53916a9046c118a25b386993212e  i386/gzip-1.3.5-7.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-announce
===8<---
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux