Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CAN-2005-0988 Race condition in gzip|
|Product:||[Fedora] Fedora||Reporter:||Josh Bressers <bressers>|
|Component:||gzip||Assignee:||Ivana Varekova <varekova>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Ben Levenson <benl>|
|Fixed In Version:||1.3.3-15||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-09-05 03:20:55 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Josh Bressers 2005-04-22 14:22:24 EDT
+++ This bug was initially created as a clone of Bug #155745 +++ Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. http://www.securityfocus.com/archive/1/394965
Comment 1 Ivana Varekova 2005-04-26 08:48:58 EDT
Created attachment 113665 [details] Used patch I fixed this problem in devel (gzip-1.3.5-4). (I changed permissions and ownership before output file is closed.) Ivana Varekova
Comment 2 Michal Jaegermann 2005-06-16 15:56:55 EDT
"CLOSED RAWHIDE" is absolutely of no help to all FC3 installations out there with now a widely known open security issues. There were recent updates for RHEL. See https://rhn.redhat.com/errata/RHSA-2005-357.html Do you propose that everybody should recompile rawhide gzip rpms on their own? Not that hard to do, but ....
Comment 3 Ivana Varekova 2005-06-17 06:19:18 EDT
fc3 package is built now (gzip-1.3.3-14.fc3).
Comment 4 Michal Jaegermann 2005-06-17 15:53:34 EDT
Sigh! gzip-1.3.5-14.fc3 indeed closes CAN-2005-0988 and CAN-2005-1228 but CAN-2005-0758 (bug 121514) is still there. That bug was fixed in RHEL gzip updates and exactly the same fix showed up in bzgrep from bzip2-1.0.2-13.FC3.1 released yesterday. FC4 gzip packages also do not sport that bug.