Solution
Please Install the Updated Packages.
Insight
The gzip package provides the GNU gzip data compression program.
An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm. If a victim expanded a specially-crafted archive, it could cause gzip to crash or, potentially, execute arbitrary code with the privileges of the user running gzip. This flaw only affects 64-bit systems. (CVE-2010-0001)
Red Hat would like to thank Aki Helin of the Oulu University Secure Programming Group for responsibly reporting this flaw.
Users of gzip should upgrade to this updated package, which contains a backported patch to correct this issue.
Affected
gzip on CentOS 3
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-0001 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities