Patch-ID# 112669-04
Download this patch from My Oracle Support
|
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
|
For further information on patching best practices and resources, please
see the following links:
|
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security gzip compression
Synopsis: SunOS 5.8_x86: gzip patch
Date: Mar/06/2007
Install Requirements: NA
Solaris Release: 8_x86
SunOS Release: 5.8_x86
Unbundled Product:
Unbundled Release:
Xref: This patch also available for SPARC as patch 112668
Topic: SunOS 5.8_x86: gzip patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6470484
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/usr/bin/gunzip
/usr/bin/gzcat
/usr/bin/gzcmp
/usr/bin/gzdiff
/usr/bin/gzexe
/usr/bin/gzgrep
/usr/bin/gzip
/usr/bin/gzless
/usr/bin/gzmore
/usr/bin/gznew
/usr/share/man/man1/gunzip.1
/usr/share/man/man1/gzcat.1
/usr/share/man/man1/gzcmp.1
/usr/share/man/man1/gzip.1
/usr/share/man/man1/gzless.1
/usr/share/man/man1/gzmore.1
/usr/share/src/gzip/COPYING
/usr/share/src/gzip/ChangeLog
/usr/share/src/gzip/INSTALL
/usr/share/src/gzip/Makefile.in
/usr/share/src/gzip/NEWS
/usr/share/src/gzip/README
/usr/share/src/gzip/THANKS
/usr/share/src/gzip/TODO
/usr/share/src/gzip/algorithm.doc
/usr/share/src/gzip/bits.c
/usr/share/src/gzip/configure
/usr/share/src/gzip/configure.in
/usr/share/src/gzip/deflate.c
/usr/share/src/gzip/getopt.c
/usr/share/src/gzip/getopt.h
/usr/share/src/gzip/getopt1.c
/usr/share/src/gzip/gzexe.in
/usr/share/src/gzip/gzip.1
/usr/share/src/gzip/gzip.c
/usr/share/src/gzip/gzip.doc
/usr/share/src/gzip/gzip.h
/usr/share/src/gzip/gzip.info
/usr/share/src/gzip/gzip.texi
/usr/share/src/gzip/inflate.c
/usr/share/src/gzip/lzw.c
/usr/share/src/gzip/revision.h
/usr/share/src/gzip/rpmatch.c
/usr/share/src/gzip/tailor.h
/usr/share/src/gzip/texinfo.tex
/usr/share/src/gzip/trees.c
/usr/share/src/gzip/unlzh.c
/usr/share/src/gzip/unlzw.c
/usr/share/src/gzip/unpack.c
/usr/share/src/gzip/unzip.c
/usr/share/src/gzip/util.c
/usr/share/src/gzip/yesno.c
/usr/share/src/gzip/zdiff.in
/usr/share/src/gzip/zgrep.in
/usr/share/src/gzip/zip.c
/usr/share/src/gzip/zless.1
/usr/share/src/gzip/zless.in
/usr/share/src/gzip/zmore.1
/usr/share/src/gzip/zmore.in
/usr/share/src/gzip/znew.in
Problem Description:
6470484 Multiple security issues in gzip archiver may lead to arbitrary code execution
(from 112669-03)
6283819 gzip TOCTOU file-permissions vulnerability
6294656 gzip vulnerability <=1.3.5: a malicious archive may write unintended files
when uncompressed with -N
(from 112669-02)
4793452 gzip 1.2.4 changes hardlinked files silently to -rwxrwxrwx
(from 112669-01)
4644742 Security issue with gzip 1.2.4.
Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:
example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
example# patchrm 104945-02
For additional examples please see the appropriate man pages.
Special Install Instructions:
-----------------------------
NOTE 1: To prevent error when removing the patch, please install
following patch before installing 112669-04:
108988-18 (or greater) Patch for patchadd and patchrm
README -- Last modified date: Friday, November 9, 2012