Patch-ID# 116341-09


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security gzip hardlinked info
Synopsis: SunOS 5.9_x86: gzip and Freeware info files patch
Date: May/05/2010


Install Requirements: NA

Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 116340

Topic: SunOS 5.9_x86: gzip and Freeware info files patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR #    Bug #
4793452     15137900
5069958     15217348
5097491     15226169
6215177     15243440
6283819     15270970
6294656     15275340
6324222     15287123
6470484     15350454
6616278     15430399
6835864     15559788
6847116     15566675
6884801     15591688
6930214     15625822
6932860     15627897


Changes incorporated in this version: 6930214 6932860

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/bin/gunzip
/usr/bin/gzcat
/usr/bin/gzcmp
/usr/bin/gzdiff
/usr/bin/gzegrep
/usr/bin/gzexe
/usr/bin/gzfgrep
/usr/bin/gzforce
/usr/bin/gzgrep
/usr/bin/gzip
/usr/bin/gzless
/usr/bin/gzmore
/usr/bin/gznew
/usr/sfw/share/info/dir
/usr/sfw/share/info/gdk.info
/usr/sfw/share/info/glib.info
/usr/sfw/share/info/grep.info
/usr/sfw/share/info/gtk.info
/usr/sfw/share/info/gtk.info-1
/usr/sfw/share/info/gtk.info-2
/usr/sfw/share/info/gtk.info-3
/usr/sfw/share/info/gtk.info-4
/usr/sfw/share/info/gtk.info-5
/usr/sfw/share/info/gtk.info-6
/usr/sfw/share/info/gzip.info
/usr/sfw/share/info/info-stnd.info
/usr/sfw/share/info/info-stnd.info-1
/usr/sfw/share/info/info-stnd.info-2
/usr/sfw/share/info/info.info
/usr/sfw/share/info/tar.info
/usr/sfw/share/info/tar.info-1
/usr/sfw/share/info/tar.info-10
/usr/sfw/share/info/tar.info-11
/usr/sfw/share/info/tar.info-2
/usr/sfw/share/info/tar.info-3
/usr/sfw/share/info/tar.info-4
/usr/sfw/share/info/tar.info-5
/usr/sfw/share/info/tar.info-6
/usr/sfw/share/info/tar.info-7
/usr/sfw/share/info/tar.info-8
/usr/sfw/share/info/tar.info-9
/usr/sfw/share/info/texinfo
/usr/sfw/share/info/texinfo-1
/usr/sfw/share/info/texinfo-10
/usr/sfw/share/info/texinfo-11
/usr/sfw/share/info/texinfo-12
/usr/sfw/share/info/texinfo-13
/usr/sfw/share/info/texinfo-2
/usr/sfw/share/info/texinfo-3
/usr/sfw/share/info/texinfo-4
/usr/sfw/share/info/texinfo-5
/usr/sfw/share/info/texinfo-6
/usr/sfw/share/info/texinfo-7
/usr/sfw/share/info/texinfo-8
/usr/sfw/share/info/texinfo-9
/usr/sfw/share/info/wget.info
/usr/sfw/share/info/wget.info-1
/usr/sfw/share/info/wget.info-2
/usr/sfw/share/info/wget.info-3
/usr/sfw/share/info/wget.info-4
/usr/sfw/share/info/wget.info-5
/usr/share/src/gzip/AUTHORS
/usr/share/src/gzip/COPYING
/usr/share/src/gzip/ChangeLog
/usr/share/src/gzip/INSTALL
/usr/share/src/gzip/Makefile.am
/usr/share/src/gzip/Makefile.in
/usr/share/src/gzip/NEWS
/usr/share/src/gzip/README
/usr/share/src/gzip/README-alpha
/usr/share/src/gzip/README.sfw
/usr/share/src/gzip/THANKS
/usr/share/src/gzip/TODO
/usr/share/src/gzip/acinclude.m4 (deleted)
/usr/share/src/gzip/aclocal.m4
/usr/share/src/gzip/algorithm.doc
/usr/share/src/gzip/amiga/Makefile.gcc
/usr/share/src/gzip/amiga/Makefile.sasc
/usr/share/src/gzip/amiga/match.a
/usr/share/src/gzip/amiga/tailor.c
/usr/share/src/gzip/amiga/utime.h
/usr/share/src/gzip/atari/Makefile.st
/usr/share/src/gzip/bits.c
/usr/share/src/gzip/config.guess (deleted)
/usr/share/src/gzip/config.h.in
/usr/share/src/gzip/config.sub (deleted)
/usr/share/src/gzip/configure
/usr/share/src/gzip/configure.in
/usr/share/src/gzip/crypt.c
/usr/share/src/gzip/crypt.h
/usr/share/src/gzip/deflate.c
/usr/share/src/gzip/depcomp
/usr/share/src/gzip/fdl.texi
/usr/share/src/gzip/getopt.c
/usr/share/src/gzip/getopt.h
/usr/share/src/gzip/getopt1.c
/usr/share/src/gzip/gunzip.1
/usr/share/src/gzip/gzexe.1
/usr/share/src/gzip/gzexe.in
/usr/share/src/gzip/gzip.1
/usr/share/src/gzip/gzip.c
/usr/share/src/gzip/gzip.doc
/usr/share/src/gzip/gzip.h
/usr/share/src/gzip/gzip.info
/usr/share/src/gzip/gzip.texi
/usr/share/src/gzip/inflate.c
/usr/share/src/gzip/install-sh
/usr/share/src/gzip/lzw.c
/usr/share/src/gzip/lzw.h
/usr/share/src/gzip/m4/ccstdc.m4 (deleted)
/usr/share/src/gzip/m4/isc-posix.m4 (deleted)
/usr/share/src/gzip/m4/largefile.m4 (deleted)
/usr/share/src/gzip/m4/shell.m4
/usr/share/src/gzip/match.c
/usr/share/src/gzip/mdate-sh
/usr/share/src/gzip/missing
/usr/share/src/gzip/mkinstalldirs
/usr/share/src/gzip/msdos/Makefile.bor
/usr/share/src/gzip/msdos/Makefile.djg
/usr/share/src/gzip/msdos/Makefile.msc
/usr/share/src/gzip/msdos/doturboc.bat
/usr/share/src/gzip/msdos/gzip.prj
/usr/share/src/gzip/msdos/match.asm
/usr/share/src/gzip/msdos/tailor.c
/usr/share/src/gzip/nt/Makefile.nt
/usr/share/src/gzip/os2/Makefile.os2
/usr/share/src/gzip/os2/gzip.def
/usr/share/src/gzip/os2/gzip16.def
/usr/share/src/gzip/primos/build.cpl
/usr/share/src/gzip/primos/ci.opts
/usr/share/src/gzip/primos/include/errno.h
/usr/share/src/gzip/primos/include/fcntl.h
/usr/share/src/gzip/primos/include/stdlib.h
/usr/share/src/gzip/primos/include/sysStat.h
/usr/share/src/gzip/primos/include/sysTypes.h
/usr/share/src/gzip/primos/primos.c
/usr/share/src/gzip/primos/readme
/usr/share/src/gzip/revision.h
/usr/share/src/gzip/rpmatch.c
/usr/share/src/gzip/sample/add.c
/usr/share/src/gzip/sample/makecrc.c
/usr/share/src/gzip/sample/sub.c
/usr/share/src/gzip/sample/zfile
/usr/share/src/gzip/sample/zread.c
/usr/share/src/gzip/sample/ztouch
/usr/share/src/gzip/stamp-h.in (deleted)
/usr/share/src/gzip/stamp-vti
/usr/share/src/gzip/tailor.h
/usr/share/src/gzip/texinfo.tex
/usr/share/src/gzip/trees.c
/usr/share/src/gzip/unlzh.c
/usr/share/src/gzip/unlzw.c
/usr/share/src/gzip/unpack.c
/usr/share/src/gzip/unzip.c
/usr/share/src/gzip/util.c
/usr/share/src/gzip/version.texi
/usr/share/src/gzip/vms/Makefile.gcc
/usr/share/src/gzip/vms/Makefile.mms
/usr/share/src/gzip/vms/Makefile.vms
/usr/share/src/gzip/vms/Readme.vms
/usr/share/src/gzip/vms/gzip.hlp
/usr/share/src/gzip/vms/makegzip.com
/usr/share/src/gzip/vms/vms.c
/usr/share/src/gzip/yesno.c
/usr/share/src/gzip/zcat.1
/usr/share/src/gzip/zcmp.1
/usr/share/src/gzip/zdiff.1
/usr/share/src/gzip/zdiff.in
/usr/share/src/gzip/zforce.1
/usr/share/src/gzip/zforce.in
/usr/share/src/gzip/zgrep.1
/usr/share/src/gzip/zgrep.in
/usr/share/src/gzip/zip.c
/usr/share/src/gzip/zless.1
/usr/share/src/gzip/zless.in
/usr/share/src/gzip/zmore.1
/usr/share/src/gzip/zmore.in
/usr/share/src/gzip/znew.1
/usr/share/src/gzip/znew.in

Problem Description:

6930214 CVE-2010-0624: heap-based buffer overflow in GNU tar
6932860 patch 116340-08/SUNWgzip/install/postinstall uses ROOTDIR which is undefined
 
(from 116341-08)
 
6616278 upgrade GNU tar (gtar) to 1.19 or greater to address CVE-2007-4131
6835864 upgrade GNU tar (gtar) to version 1.22
6847116 wget requires updating to the latest community version
6884801 wget accepts certificates that do not match the host name
 
(from 116341-07)
 
5097491 wget doesn't support secure HTTP
6215177 need complete support for large files in wget
 
(from 116341-06)
 
6470484 multiple security issues in gzip archiver may lead to arbitrary code execution
 
(from 116341-05)
 
6324222 gzcat/gunzip/gzcmp files missing after patch 116340-02[3] is applied to Unicon CP2160 satellite
 
(from 116341-04)
 
6283819 gzip TOCTOU file-permissions vulnerability
6294656 gzip vulnerability <=1.3.5: a malicious archive may write unintended files when uncompressed with -N
 
(from 116341-03)
 
5069958 [metropolis] file-roller does not display multibyte characters
 
(from 116341-02)
 
	This patch revision was generated to remove the postbackout script
	and to include man pages reference in Special Instructions.
 
(from 116341-01)
 
4793452 gzip 1.2.4 changes hardlinked files silently to -rwxrwxrwx


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  To get gzip man pages, please also install the following patch:
 
         114015-08 (or greater)  libxml and Freeware man pages patch
 
NOTE 2:  To get the full fix for BugId 5069958 (file-roller does not display
         multibyte characters), and including gtar man pages, please also
         install the following patches:
 
         114015-09 (or greater)  libxml and Freeware man pages patch
         118190-01 (or greater)  Freeware localizable message file patch
         118192-01 (or greater)  gtar patch
 
NOTE 3:  To get the source files for the gtar package, please also install
         the following patch:
 
         118194-01 (or greater)  gtar source patch
 
NOTE 4:  To get the full fix for BugId's 5097491 (wget doesn't support secure
         HTTP) and 6215177 (need complete support for large files in wget),
         please also install the following patches:
 
         114015-14 (or greater)  libxml, libxslt and Freeware manpages patch
         118190-02 (or greater)  Freeware localizable message file patch
         125327-01 (or greater)  wget patch
 
NOTE 5:  To get the full fix for BugId's 6884801 (wget accepts certificates
         that do not match the host name) and 6847116 (wget requires updating
         to the latest community version), please also install the following
         patches:
 
         114015-25 (or greater)  libxml, libxslt and Freeware manpages patch
         125327-02 (or greater)  wget patch
 
NOTE 6:  To get the full fix for BugId's 6835864 (upgrade GNU tar (gtar)
         to version 1.22) and 6616278 (upgrade GNU tar (gtar) to 1.19 or
         greater to address CVE-2007-4131), please also install
         the following patches:
 
         118192-04 (or greater)  gtar patch
         118194-03 (or greater)  gtar source patch


README -- Last modified date: Saturday, November 10, 2012