Summary
The remote host is missing an update to gzip announced via advisory DSA 100-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20100-1
Insight
GOBBLES found a buffer overflow in gzip that occurs when compressing files with really long filenames. Even though GOBBLES claims to have developed an exploit to take advantage of this bug, it has been said by others that this problem is not as likely to be exploitable as other security incidents.
Additionally, the Debian version of gzip from the stable release does not segfault, and hence does not directly inherit this problem.
However, better be safe than sorry, so we have prepared an update for you.
Please make sure you are running an up-to-date version from stable/unstable/testing with at least version 1.2.4-33.
Severity
Classification
CVE: CVE-2001-1228
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P