Opened 16 years ago
Closed 16 years ago
#2193 closed bug (fixed)
Gzip needs 1.2.4b patch applied (easy one)
| Reported by: | scottmc | Owned by: | axeld |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | Applications/Command Line Tools | Version: | R1/pre-alpha1 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
From http://www.gzip.org/ Important security patch gzip 1.2.4 may crash when an input file name is too long (over 1020 characters). The buffer overflow may be exploited if gzip is run by a server such as an ftp server. Some ftp servers allow compression and decompression on the fly and are thus vulnerable. See technical details here. This patch to gzip 1.2.4 fixes the problem. The beta version 1.3.3 already includes a sufficient patch; use this version if you have to handle files larger than 2 GB. A new official version of gzip will be released soon.
note that the last update to that page was July 27th, 2003, so probably not going to see a released 1.3.3 soon. I suggest we patch to 1.2.4b, here's the url to the patch file:
Change History (3)
comment:1 by , 16 years ago
| Summary: | Gzip needs 1.2.4b patch applied → Gzip needs 1.2.4b patch applied (easy one) |
|---|
comment:2 by , 16 years ago
There is a 1.3.12 which is used by FreeBSD among others: http://ports.haiku-files.org/wiki/app-arch/gzip/1.3.12/1
Just need to apply the patch...