From 373768fc69124f64b2d16bf1ce2225515e45b936 Mon Sep 17 00:00:00 2001 From: Remko Lodder Date: Tue, 19 Dec 2006 20:33:36 +0000 Subject: Document gzip -- multiple vulnerabilities, this is FreeBSD-SA06:21.gzip --- security/vuxml/vuln.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 86038efaa46c..1d4c8bae3821 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,54 @@ Note: Please add new entries to the beginning of this file. --> + + gzip -- multiple vulnerabilities + + + FreeBSD + 6.16.1_7 + 6.06.0_12 + 5.55.5_5 + 5.45.4_19 + 5.35.3_34 + 4.11_22 + + + gzip + 0 + + + + +

Problem Description

+

Multiple programming errors have been found in gzip which + can be triggered when gzip is decompressing files. These + errors include insufficient bounds checks in buffer use, a + NULL pointer dereference, and a potential infinite loop.

+

Impact

+

The insufficient bounds checks in buffer use can cause gzip + to crash, and may permit the execution of arbitrary code. + The NULL pointer deference can cause gzip to crash. The + infinite loop can cause a Denial-of-Service situation where + gzip uses all available CPU time.

+

Workaround

+

No workaround is available.

+ +
+ + CVE-2006-4334 + CVE-2006-4335 + CVE-2006-4336 + CVE-2006-4337 + CVE-2006-4338 + SA-06:21.gzip + + + 2006-09-19 + 2006-12-19 + +
+ bind9 -- Denial of Service in named(8) -- cgit v1.2.3
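Review bot: In the Impact paragraph of the new gzip entry, "The NULL pointer deference can cause gzip to crash" should read "dereference", matching the wording in the Problem Description just above it. Separately, the gzip package line shows only the value 0 for its range, while each FreeBSD system line carries a patch level such as 6.1_7. If the package range is open-ended, every installed gzip port version will be reported as vulnerable until the entry is revised, so consider recording the fixed port version once it is known.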