Note: This is an archival copy of Security Sun Alert 200095 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000079.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
Security vulnerabilities in the gzip(1) command may allow a local or remote unprivileged user to execute arbitrary code with the privileges of another user who runs the gzip(1) command, or cause a Denial of Service (DoS) condition using a specially crafted gzip archive.
These issues are also referenced in the following documents:
Sun acknowledges with thanks, Tavis Ormandy, Google Security Team, for discovering and reporting these issues.
These issues can occur in the following releases:
There are no predictable symptoms that would indicate the described issues have been exploited.
There is no workaround. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment