Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2624 Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version. CVE-2010-0001 Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution (lenny), these problems have been fixed in version 1.3.12-6+lenny1. For the oldstable distribution (etch), these problems have been fixed in version 1.3.5-15+etch1. For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your gzip packages.
Several vulnerabilities have been found in gzip, the GNU compression utilities. The Common Vulnerabilities and Exposures project identifies the following problems:
Thiemo Nagel discovered a missing input sanitation flaw in the way gzip used to decompress data blocks for dynamic Huffman codes, which could lead to the execution of arbitrary code when trying to decompress a crafted archive. This issue is a reappearance of CVE-2006-4334 and only affects the lenny version.
Aki Helin discovered an integer underflow when decompressing files that are compressed using the LZW algorithm. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
For the stable distribution (lenny), these problems have been fixed in version 1.3.12-6+lenny1.
For the oldstable distribution (etch), these problems have been fixed in version 1.3.5-15+etch4.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your gzip packages.
MD5 checksums of the listed files are available in the original advisory.