Patch-ID# 116341-09
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
Keywords: security gzip hardlinked info
Synopsis: SunOS 5.9_x86: gzip and Freeware info files patch
Date: May/05/2010
Install Requirements: NA
Solaris Release: 9_x86
SunOS Release: 5.9_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 116340
Topic: SunOS 5.9_x86: gzip and Freeware info files patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6930214 6932860
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/usr/bin/gunzip
/usr/bin/gzcat
/usr/bin/gzcmp
/usr/bin/gzdiff
/usr/bin/gzegrep
/usr/bin/gzexe
/usr/bin/gzfgrep
/usr/bin/gzforce
/usr/bin/gzgrep
/usr/bin/gzip
/usr/bin/gzless
/usr/bin/gzmore
/usr/bin/gznew
/usr/sfw/share/info/dir
/usr/sfw/share/info/gdk.info
/usr/sfw/share/info/glib.info
/usr/sfw/share/info/grep.info
/usr/sfw/share/info/gtk.info
/usr/sfw/share/info/gtk.info-1
/usr/sfw/share/info/gtk.info-2
/usr/sfw/share/info/gtk.info-3
/usr/sfw/share/info/gtk.info-4
/usr/sfw/share/info/gtk.info-5
/usr/sfw/share/info/gtk.info-6
/usr/sfw/share/info/gzip.info
/usr/sfw/share/info/info-stnd.info
/usr/sfw/share/info/info-stnd.info-1
/usr/sfw/share/info/info-stnd.info-2
/usr/sfw/share/info/info.info
/usr/sfw/share/info/tar.info
/usr/sfw/share/info/tar.info-1
/usr/sfw/share/info/tar.info-10
/usr/sfw/share/info/tar.info-11
/usr/sfw/share/info/tar.info-2
/usr/sfw/share/info/tar.info-3
/usr/sfw/share/info/tar.info-4
/usr/sfw/share/info/tar.info-5
/usr/sfw/share/info/tar.info-6
/usr/sfw/share/info/tar.info-7
/usr/sfw/share/info/tar.info-8
/usr/sfw/share/info/tar.info-9
/usr/sfw/share/info/texinfo
/usr/sfw/share/info/texinfo-1
/usr/sfw/share/info/texinfo-10
/usr/sfw/share/info/texinfo-11
/usr/sfw/share/info/texinfo-12
/usr/sfw/share/info/texinfo-13
/usr/sfw/share/info/texinfo-2
/usr/sfw/share/info/texinfo-3
/usr/sfw/share/info/texinfo-4
/usr/sfw/share/info/texinfo-5
/usr/sfw/share/info/texinfo-6
/usr/sfw/share/info/texinfo-7
/usr/sfw/share/info/texinfo-8
/usr/sfw/share/info/texinfo-9
/usr/sfw/share/info/wget.info
/usr/sfw/share/info/wget.info-1
/usr/sfw/share/info/wget.info-2
/usr/sfw/share/info/wget.info-3
/usr/sfw/share/info/wget.info-4
/usr/sfw/share/info/wget.info-5
/usr/share/src/gzip/AUTHORS
/usr/share/src/gzip/COPYING
/usr/share/src/gzip/ChangeLog
/usr/share/src/gzip/INSTALL
/usr/share/src/gzip/Makefile.am
/usr/share/src/gzip/Makefile.in
/usr/share/src/gzip/NEWS
/usr/share/src/gzip/README
/usr/share/src/gzip/README-alpha
/usr/share/src/gzip/README.sfw
/usr/share/src/gzip/THANKS
/usr/share/src/gzip/TODO
/usr/share/src/gzip/acinclude.m4 (deleted)
/usr/share/src/gzip/aclocal.m4
/usr/share/src/gzip/algorithm.doc
/usr/share/src/gzip/amiga/Makefile.gcc
/usr/share/src/gzip/amiga/Makefile.sasc
/usr/share/src/gzip/amiga/match.a
/usr/share/src/gzip/amiga/tailor.c
/usr/share/src/gzip/amiga/utime.h
/usr/share/src/gzip/atari/Makefile.st
/usr/share/src/gzip/bits.c
/usr/share/src/gzip/config.guess (deleted)
/usr/share/src/gzip/config.h.in
/usr/share/src/gzip/config.sub (deleted)
/usr/share/src/gzip/configure
/usr/share/src/gzip/configure.in
/usr/share/src/gzip/crypt.c
/usr/share/src/gzip/crypt.h
/usr/share/src/gzip/deflate.c
/usr/share/src/gzip/depcomp
/usr/share/src/gzip/fdl.texi
/usr/share/src/gzip/getopt.c
/usr/share/src/gzip/getopt.h
/usr/share/src/gzip/getopt1.c
/usr/share/src/gzip/gunzip.1
/usr/share/src/gzip/gzexe.1
/usr/share/src/gzip/gzexe.in
/usr/share/src/gzip/gzip.1
/usr/share/src/gzip/gzip.c
/usr/share/src/gzip/gzip.doc
/usr/share/src/gzip/gzip.h
/usr/share/src/gzip/gzip.info
/usr/share/src/gzip/gzip.texi
/usr/share/src/gzip/inflate.c
/usr/share/src/gzip/install-sh
/usr/share/src/gzip/lzw.c
/usr/share/src/gzip/lzw.h
/usr/share/src/gzip/m4/ccstdc.m4 (deleted)
/usr/share/src/gzip/m4/isc-posix.m4 (deleted)
/usr/share/src/gzip/m4/largefile.m4 (deleted)
/usr/share/src/gzip/m4/shell.m4
/usr/share/src/gzip/match.c
/usr/share/src/gzip/mdate-sh
/usr/share/src/gzip/missing
/usr/share/src/gzip/mkinstalldirs
/usr/share/src/gzip/msdos/Makefile.bor
/usr/share/src/gzip/msdos/Makefile.djg
/usr/share/src/gzip/msdos/Makefile.msc
/usr/share/src/gzip/msdos/doturboc.bat
/usr/share/src/gzip/msdos/gzip.prj
/usr/share/src/gzip/msdos/match.asm
/usr/share/src/gzip/msdos/tailor.c
/usr/share/src/gzip/nt/Makefile.nt
/usr/share/src/gzip/os2/Makefile.os2
/usr/share/src/gzip/os2/gzip.def
/usr/share/src/gzip/os2/gzip16.def
/usr/share/src/gzip/primos/build.cpl
/usr/share/src/gzip/primos/ci.opts
/usr/share/src/gzip/primos/include/errno.h
/usr/share/src/gzip/primos/include/fcntl.h
/usr/share/src/gzip/primos/include/stdlib.h
/usr/share/src/gzip/primos/include/sysStat.h
/usr/share/src/gzip/primos/include/sysTypes.h
/usr/share/src/gzip/primos/primos.c
/usr/share/src/gzip/primos/readme
/usr/share/src/gzip/revision.h
/usr/share/src/gzip/rpmatch.c
/usr/share/src/gzip/sample/add.c
/usr/share/src/gzip/sample/makecrc.c
/usr/share/src/gzip/sample/sub.c
/usr/share/src/gzip/sample/zfile
/usr/share/src/gzip/sample/zread.c
/usr/share/src/gzip/sample/ztouch
/usr/share/src/gzip/stamp-h.in (deleted)
/usr/share/src/gzip/stamp-vti
/usr/share/src/gzip/tailor.h
/usr/share/src/gzip/texinfo.tex
/usr/share/src/gzip/trees.c
/usr/share/src/gzip/unlzh.c
/usr/share/src/gzip/unlzw.c
/usr/share/src/gzip/unpack.c
/usr/share/src/gzip/unzip.c
/usr/share/src/gzip/util.c
/usr/share/src/gzip/version.texi
/usr/share/src/gzip/vms/Makefile.gcc
/usr/share/src/gzip/vms/Makefile.mms
/usr/share/src/gzip/vms/Makefile.vms
/usr/share/src/gzip/vms/Readme.vms
/usr/share/src/gzip/vms/gzip.hlp
/usr/share/src/gzip/vms/makegzip.com
/usr/share/src/gzip/vms/vms.c
/usr/share/src/gzip/yesno.c
/usr/share/src/gzip/zcat.1
/usr/share/src/gzip/zcmp.1
/usr/share/src/gzip/zdiff.1
/usr/share/src/gzip/zdiff.in
/usr/share/src/gzip/zforce.1
/usr/share/src/gzip/zforce.in
/usr/share/src/gzip/zgrep.1
/usr/share/src/gzip/zgrep.in
/usr/share/src/gzip/zip.c
/usr/share/src/gzip/zless.1
/usr/share/src/gzip/zless.in
/usr/share/src/gzip/zmore.1
/usr/share/src/gzip/zmore.in
/usr/share/src/gzip/znew.1
/usr/share/src/gzip/znew.in
Problem Description:
6930214 CVE-2010-0624: heap-based buffer overflow in GNU tar
6932860 patch 116340-08/SUNWgzip/install/postinstall uses ROOTDIR which is undefined
(from 116341-08)
6616278 upgrade GNU tar (gtar) to 1.19 or greater to address CVE-2007-4131
6835864 upgrade GNU tar (gtar) to version 1.22
6847116 wget requires updating to the latest community version
6884801 wget accepts certificates that do not match the host name
(from 116341-07)
5097491 wget doesn't support secure HTTP
6215177 need complete support for large files in wget
(from 116341-06)
6470484 multiple security issues in gzip archiver may lead to arbitrary code execution
(from 116341-05)
6324222 gzcat/gunzip/gzcmp files missing after patch 116340-02[3] is applied to Unicon CP2160 satellite
(from 116341-04)
6283819 gzip TOCTOU file-permissions vulnerability
6294656 gzip vulnerability <=1.3.5: a malicious archive may write unintended files when uncompressed with -N
(from 116341-03)
5069958 [metropolis] file-roller does not display multibyte characters
(from 116341-02)
This patch revision was generated to remove the postbackout script
and to include man pages reference in Special Instructions.
(from 116341-01)
4793452 gzip 1.2.4 changes hardlinked files silently to -rwxrwxrwx
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
    example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
    example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: To get gzip man pages, please also install the following patch:
    114015-08 (or greater) libxml and Freeware man pages patch
NOTE 2: To get the full fix for BugId 5069958 (file-roller does not display
multibyte characters), including gtar man pages, please also
install the following patches:
    114015-09 (or greater) libxml and Freeware man pages patch
    118190-01 (or greater) Freeware localizable message file patch
    118192-01 (or greater) gtar patch
NOTE 3: To get the source files for the gtar package, please also install
the following patch:
    118194-01 (or greater) gtar source patch
NOTE 4: To get the full fix for BugIds 5097491 (wget doesn't support secure
HTTP) and 6215177 (need complete support for large files in wget),
please also install the following patches:
    114015-14 (or greater) libxml, libxslt and Freeware manpages patch
    118190-02 (or greater) Freeware localizable message file patch
    125327-01 (or greater) wget patch
NOTE 5: To get the full fix for BugIds 6884801 (wget accepts certificates
that do not match the host name) and 6847116 (wget requires updating
to the latest community version), please also install the following
patches:
    114015-25 (or greater) libxml, libxslt and Freeware manpages patch
    125327-02 (or greater) wget patch
NOTE 6: To get the full fix for BugIds 6835864 (upgrade GNU tar (gtar)
to version 1.22) and 6616278 (upgrade GNU tar (gtar) to 1.19 or
greater to address CVE-2007-4131), please also install
the following patches:
    118192-04 (or greater) gtar patch
    118194-03 (or greater) gtar source patch
README -- Last modified date: Saturday, November 10, 2012