Bug 155746
Summary: | CAN-2005-0988 Race condition in gzip | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> | ||||
Component: | gzip | Assignee: | Ivana Varekova <varekova> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 3 | CC: | sundaram | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | impact=low,public=20050404,source=bugtraq,reported=20050404 | ||||||
Fixed In Version: | 1.3.3-15 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-09-05 07:20:55 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Josh Bressers
2005-04-22 18:22:24 UTC
Created attachment 113665 [details]
Used patch
I fixed this problem in devel (gzip-1.3.5-4). (I changed permissions and
ownership before output file is closed.)
Ivana Varekova
"CLOSED RAWHIDE" is absolutely of no help to all FC3 installations out there with now a widely known open security issues. There were recent updates for RHEL. See https://rhn.redhat.com/errata/RHSA-2005-357.html Do you propose that everybody should recompile rawhide gzip rpms on their own? Not that hard to do, but .... fc3 package is built now (gzip-1.3.3-14.fc3). Sigh! gzip-1.3.5-14.fc3 indeed closes CAN-2005-0988 and CAN-2005-1228 but CAN-2005-0758 (bug 121514) is still there. That bug was fixed in RHEL gzip updates and exactly the same fix showed up in bzgrep from bzip2-1.0.2-13.FC3.1 released yesterday. FC4 gzip packages also do not sport that bug. fc3 package with CAN-2005-0758 (bug 121514) - patch is built now (gzip-1.3.3-15.fc3). |